Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 257,516 coordinated disclosures
153,998 fixed vulnerabilities
207,982 websites, 17,225 VIP websites
6,879 researchers, 6,915 subscribers Bug Bounty Program runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between and researchers.

Bug bounty program allow all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:


Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:


Testing Requirements:


Possible Awards:


Special Notes:


Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

  Latest Patched
    Patched on 21.08.2018
    Patched on 21.08.2018
    Patched on 21.08.2018
    Patched on 21.08.2018
    Patched on 21.08.2018
    Patched on 21.08.2018
    Patched on 21.08.2018
    Patched on 20.08.2018
    Patched on 20.08.2018
    Patched on 20.08.2018

  Recent Recommendations

    21 August, 2018
Andre found out a vulnerability on our site. With his help we have solved it. Thanks a lot
    21 August, 2018
Dear Armin,
thank you very much for reporting a XSS vulnerability.

Best Regards
    20 August, 2018
Provided quick and helpful information which helped us fix the issue. Thank you !
    20 August, 2018
Thanks for finding this XSS vulnerability and notifying us.
    19 August, 2018
It's never fun to hear about a security problem but KhanJanny was polite and prompt with details of the vulnerability, following up on progress and informing me when the issue was resolved. We are very grateful.