Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 455,840 coordinated disclosures
244,109 fixed vulnerabilities
604 bug bounties with 1224 websites
12,299 researchers, 961 honor badges Bug Bounty Program runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

No general requirements

Testing Requirements:

No testing requirements

Possible Awards:

No possible awards

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched


  Latest Blog Posts

17.10.2019 by geeknik
The "S" in IOT is for Security
16.10.2019 by darknetguy
Best XSS Vectors
01.10.2019 by Renzi25031469
#Security 100%
18.09.2019 by Leon
SSRF | Reading Local Files from DownNotifier server
13.09.2019 by drok3r
Collection of information | Google Hacking and Dorks basic

  Recent Recommendations

    21 October, 2019
Thanks very much for the report!
We were sure that everything was proteced, but apparently we missed some special places where the escaping wasn't sufficient.
It is now fixed.
    21 October, 2019
Thank you for making us aware of an issue on our site.
We really appreciate it.
    21 October, 2019
Thank you very much for finding and evaluating a vulnerability on our website. Very professional and detailed communication
    21 October, 2019
Thank you Faizan_mark for warnings about XSS failures on our websites. We have fixed it.
    21 October, 2019
Thank you for research and reporting XSS vulnerability of my site.