Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 277,741 coordinated disclosures
160,074 fixed vulnerabilities
223,050 websites, 17,613 VIP websites
7,418 researchers, 6,915 subscribers Bug Bounty Program runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between and researchers.

Bug bounty program allow all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:


Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:


Testing Requirements:


Possible Awards:


Special Notes:


Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

  Latest Patched
    Patched on 15.10.2018
    Patched on 15.10.2018
    Patched on 15.10.2018
    Patched on 15.10.2018
    Patched on 15.10.2018
    Patched on 15.10.2018
    Patched on 14.10.2018
    Patched on 14.10.2018
    Patched on 14.10.2018
    Patched on 14.10.2018

  Recent Recommendations

    15 October, 2018
Hallo Armin,
vielen Dank für die Meldung einer Sicherheitslücke auf unserem Reiseportal und für die konstruktive und proaktive Unterstützung!
Viele Grüße, Michael
    14 October, 2018
Super quick to reply, open and transparent. HUGE thanks to pointing out some issues!
    12 October, 2018
Diego was helpful in disclosing and providing details about an XSS vulnerability, which we have since patched. Thanks!
    11 October, 2018
Thank You Eduardo! I fixed the Problem on 2018/10/08. But unfortunately you forgot to switch my Status to "patched". You wrote me, you have done this. Did you found later an other security Risk?
    10 October, 2018
Thank you for your XSS report and fast response