API for CERTs

To promote coordinated and responsible disclosure enabled by Open Bug Bounty non-profit project, we provide national and private (subject to qualification) CERTs with a free API to search our databases and get alerts on new submissions affecting any domain.

We do not provide any vulnerability details (that belong to the security researchers) unless they are publicly disclosed via the API.

Upon request, we can also try to put your in contact with a researcher to facilitate coordinate disclosure and vulnerability remediation.

Request API access

Latest Patched

18.04.2019 guatemala.com

18.04.2019 crossref.org

17.04.2019 mzitu.com

17.04.2019 manilatimes.net

17.04.2019 smiledirectclub.com

17.04.2019 cardiff.ac.uk

17.04.2019 ktown4u.com

17.04.2019 espnfc.com

16.04.2019 univ-poitiers.fr

16.04.2019 burton.com

Latest Blog Posts

04.04.2019 by Gh05tPT
XSS alert() variants

03.04.2019 by ismailtsdln
PHP Security Check List [ EN ]

02.04.2019 by Open Bug Bounty
API for bug bounty owners

02.04.2019 by MiguelSantareno
Google Dorks to find open redirects:

02.04.2019 by MiguelSantareno
Cross Site Script angular payloads:

Recent Recommendations

18 April, 2019

myparadisio:

Thanks k0t, for pointed out two XSS vulnerabilities on our website!
Your input was very much appreciated!

17 April, 2019

rhyswynne:

acelakshitverma helped identify a bug on my hobby site and fixed it. Thanks!

16 April, 2019

Danny76084307:

Hallo Armin,
vielen Dank für Deinen Einsatz!
Durch deinen Hinweis konnten wir zwei Lücken schließen.
Schöne Grüße
Danny

15 April, 2019

matthias_lueck:

Felipe found a vulnerability in our website , which we were able to fix with Felipes detailed report. He was very responsive and professional. Highly recommended!
Thank you very much Felipe!

15 April, 2019

watergateweb:

Another XSS vulnerability found, thanks a lot!

Making Web a Safer Place

Coordinated & Responsible Disclosure

Based on ISO 29147 Guidelines