Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,754,203 coordinated disclosures
1,407,938 fixed vulnerabilities
2,030 bug bounty programs, 3,959 websites
49,806 researchers, 1,682 honor badges

API for CERTs and LEAs

To promote coordinated and responsible disclosure enabled by Open Bug Bounty non-profit project, we provide national and private (subject to qualification) CERTs and Law Enforcement Agencies (LEA) with a free and unlimited API to search our databases and get alerts on new submissions affecting any domain.

The API does not provide vulnerability details (that belong to the security researchers) unless they are publicly disclosed.

Request API access

* Agency Name:
* Agency Country:
* Contact Person Name:
* Contact Person Email:
Special Requests:

Your data will remain confidential and will not be shared with any third parties.

  Latest Patched


  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    16 July, 2024
Reported a valid XSS issue on our web
    9 July, 2024
Got a message to say we had some vulnerabilities and SYPltd shared their report allowing us to get it fixed. A massive thanks from us
    4 July, 2024
I highly recommend Shunux for his exceptional expertise in finding and helping in fixing the XSS bugs on our website. His prompt and professional work ensured our platform's security and demonstrated their deep understanding of web security.
    1 July, 2024
awesome job. went the extra mile.
    18 June, 2024
@Dipu1A found vulnerabilities on my website. Thanks to his report, I was able to fix them quickly.