API for CERTs

For Researchers

Twitter Login		HOW IT WORKS Download presentation and learn how our service works PDF, 1MB
Report a Vulnerability
Browse Bug Bounty Programs
Write a Blog Post
Ask a Question

For Owners

Start a Bug Bounty		HOW IT WORKS Download presentation and learn how our service works PDF, 1MB
Ask a Question
API

Hall of Fame

Top Security Researchers

Acknowledgements
About

  About the Project

  Latest Reports

  Contact Us
Forum
Blog

To promote coordinated and responsible disclosure enabled by Open Bug Bounty non-profit project, we provide national and private (subject to qualification) CERTs with a free API to search our databases and get alerts on new submissions affecting any domain.

We do not provide any vulnerability details (that belong to the security researchers) unless they are publicly disclosed via the API.

Upon request, we can also try to put your in contact with a researcher to facilitate coordinate disclosure and vulnerability remediation.

Request API access

Latest Patched

12.08.2020 2gis.kz

12.08.2020 themoviedb.org

12.08.2020 arb.ca.gov

12.08.2020 lightningmaps.org

12.08.2020 univ-poitiers.fr

12.08.2020 wirtualnemedia.pl

11.08.2020 wuzzuf.net

11.08.2020 inmotionhosting.com

11.08.2020 politico.com

11.08.2020 lyricstraining.com

Latest Blog Posts

24.06.2020 by Gkexamquiz
How to Find Contacts To Report Bugs & Security Vulnerabilities | Bug Bounty Tutorials 2020

24.06.2020 by 0xcrypto
Improper Access Control - Generic: Unrestricted access to any "connected pack" on docs in coda.io

04.04.2020 by Rando02355205
(Alibaba) message.alibaba.com [IDOR] - [Bug Bounty]

12.03.2020 by Rando02355205
(Paypal) www.paypal.com [CSP High Level] - [XSS Reflected] - [Bug Bounty] - [Write Up]

08.03.2020 by CybeReports
JDECO.net XSS Vulnerability| CybeReports

Recent Recommendations

12 August, 2020

www_aasv_org:

Caught me having forgotten to entity-encode values when re-displaying an incomplete form submission. While the initial report was all I needed to patch, Rajash considerately provided additional detail without being asked through the openbugbounty comments.

10 August, 2020

msawired:

Thank you for reporting the XSS vulnerability. Your explanations were very helpful, and we were able to resolve the issue in no time.

6 August, 2020

Robert_CMI:

Thank you Rajesh for reporting vulnerabilities on our website, your quick and detailed response was very valuable to us!

6 August, 2020

StefanCink:

Thanks to @singhnitesh21 we were able to close a vulnerability on our website asap. Thank you!

5 August, 2020

kkb5mobile:

Thank you for pointing out the vulnerability.
Thanks to you, I was able to respond safely.

Making Web a Safer Place

Coordinated & Responsible Disclosure

Based on ISO 29147 Guidelines