Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,117,835 coordinated disclosures
710,199 fixed vulnerabilities
1,463 bug bounty programs, 2,925 websites
25,764 researchers, 1,380 honor badges

VitorMacedo | Security Researcher Profile


Security researcher VitorMacedo has already helped fix 143 vulnerabilities.



Researcher reputation:  40

Real name:
Vitor Macedo

Contact email:
[email protected]

Alternative Contacts:
[email protected]

Recommendations and Acknowledgements

@hhsecwatch     14 December, 2017
    Twitter hhsecwatch Hamish from spikes:
We were very grateful for Vitor's notification. He was quick to respond to our email and confirmed the type of vulnerability he had discovered. Our application was already undergoing a paid pen test, and the issue that Vitor found matches what our pen testers found, which is reaffirming.
@michaeljkranz     7 December, 2017
    Twitter michaeljkranz Michael Kranz from Simons Foundation:
Vitor not only caught the bug, but quickly responded to our request for more information. Our site (Spectrum - spectrumnews.org) was designed and built by an external firm, so I wasn't familiar with every possible problem. However, this vulnerability was pretty significant and we're very grateful for the help, which came completely out of the blue.

Thanks!!!
@PacoMa25     14 November, 2017
    Twitter PacoMa25 Paco Ma from AAA:
Victor is very responsive, great thanks to him spotting XSS vulnerability on our website.
@ekbaumgarten     16 October, 2017
    Twitter ekbaumgarten Lucas from WT:
He was helpful and willing to help me.
Not only in correcting the reported vulnerability, but also in other suggestions for improving my website security.

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:362
Total reports on VIP sites:10
Total patched vulnerabilities:143
Recommendations received:4
Active since:26.09.2017

Open Bug Bounty Certificate


Researcher Certificate

Reported Vulnerabilities

All Submissions VIP Submissions




No posts in blog yet










  Latest Patched

 30.11.2021 caption.me
 30.11.2021 phucanh.vn
 30.11.2021 aniview.com
 30.11.2021 animecorner.me
 30.11.2021 animekompi.web.id
 30.11.2021 animefillerlist.com
 30.11.2021 cntraveler.com
 30.11.2021 scoop.it
 30.11.2021 thomann.de
 30.11.2021 domaining.com

  Latest Blog Posts

11.11.2021 by mistry4592
The Most used Chrome Extensions are Used For Penetration Testing.
08.10.2021 by NNeuchi
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)
26.08.2021 by PyaePhyoThu98
eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)
14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty
25.05.2021 by 0xrocky
Google XSS Game

  Recent Recommendations

@martin_ouwehand     30 November, 2021
    Twitter martin_ouwehand:
We thank KhanJanny for his responsible disclosure of an XSS in one of our Web sites
@chrisbeach     29 November, 2021
    Twitter chrisbeach:
Helped me fix a bug on my site - thanks joe-grizzly!
@chrisbeach     27 November, 2021
    Twitter chrisbeach:
Thanks very much for reporting a bug in my website
@chrisbeach     27 November, 2021
    Twitter chrisbeach:
Thanks for spotting a bug on my website. This is now fixed
@HR4YOU_AG     23 November, 2021
    Twitter HR4YOU_AG:
Thanks H_chabik for reporting an issue with our website!