Open Bug Bounty selected among the Top 5 Bug Bounty programs to watch in 2021 by The Hacker News

1,004,377 coordinated disclosures
627,734 fixed vulnerabilities
1,347 bug bounty programs, 2,697 websites
23,313 researchers, 1,317 honor badges

Coordinated Disclosure Vulnerability

This vulnerability was reported via our coordinated disclosure Open Bug Bounty program and patched.

  Latest Patched

 17.06.2021 crazyegg.com
 17.06.2021 eastriding.gov.uk
 17.06.2021 clicky.com
 17.06.2021 aljazeera.com
 16.06.2021 uptrennd.com
 16.06.2021 spareroom.co.uk
 16.06.2021 fws.gov
 16.06.2021 istat.it
 16.06.2021 infoclimat.fr

  Latest Blog Posts

25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)
25.05.2021 by darklotuskdb
Easy XSS On Mostly Educational Websites Via Moodle
25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism

  Recent Recommendations

@RyanBoehm12     16 June, 2021
Vighnesh Gupta was professional, considerate, and thorough in helping us resolve a security flaw on our website. He communicated with us in a timely manner, and provided all necessary support to fix the issue. I highly recommend him.
@rus_cert     16 June, 2021
Thanks for informing us about the vulnerability and providing helpful details :-)
@Cyber91998806     16 June, 2021
He responded to my mails quickly and helped us how to fix the vulnerability in a professional way. I recommended this guy.
@contactsplus     15 June, 2021
Tuhin reported 3 valid vulnerabilities to us of severities High, Medium and Low.

He was very professional and helped us recreate the issues until we were able to verify.
He was awarded a bounty for his efforts.

Thank you Tuhin!

Contacts+ Security Team.
@infoclimat     15 June, 2021
Auntor has found a misconfigured header that could lead to clickjacking. Thanks for your contribution.