Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
613,673 coordinated disclosures
393,525 fixed vulnerabilities
929 bug bounties with 1,869 websites
18,826 researchers, 1199 honor badges

Privacy and Security

We do not store, process or export any Personally Identifiable Information (PII) as defined in General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

To avoid storing any user-related data, we use external authentication via Twitter for everyone on the website. Connection to the website is available via HTTPS only.

Open Bug Bounty does not transfer any vulnerabilities, or vulnerability-related data, to any third-parties.

For privacy reasons, we also keep no logs of any activities of website owners or security researchers.

Terms and Conditions

Open Bug Bounty reserves the right to reject any Open Bug Bounty Program for any reason in its sole discretion.

Open Bug Bounty may terminate any Researcher's or Website Owner's access to and use of the Open Bug Bounty Platform, at Open Bug Bounty's sole discretion, at any time and without notice to the Researcher or Website Owner.

The site may contain links to third-party websites or resources. Open Bug Bounty provides these links only as a convenience and is not responsible for the content, products or services on or available from those websites or resources or links displayed on such websites. Researcher or Website Owner acknowledges sole responsibility for and assumes all risk arising from Researcher's or Website Owner's use of any third-party websites or resources.










  Latest Patched

 31.10.2020 adsglobe.com
 31.10.2020 huduser.gov
 30.10.2020 prensa-latina.cu
 30.10.2020 dek-d.com
 30.10.2020 123rf.com
 30.10.2020 t3n.de
 30.10.2020 489pro.com
 30.10.2020 dgtle.com
 29.10.2020 photobucket.com
 29.10.2020 istockphoto.com

  Latest Blog Posts

26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection
26.10.2020 by _r00t1ng_
Routed SQL Injection
26.10.2020 by _r00t1ng_
DIOS the SQL Injectors Weapon
26.10.2020 by p4c3n0g3
How to find AngularJS XSS

  Recent Recommendations

@benskiddle     30 October, 2020
    Twitter benskiddle:
Great disclosure of an SQL injection bug with good details to replicate the issue. Thank you.
@MizoueShumpei     29 October, 2020
    Twitter MizoueShumpei:
Thank you very much for your help.
@adridder     28 October, 2020
    Twitter adridder:
Thank you for your help with this XSS vulnerability on our site. We appreciate the responsible reporting via openbugbounty.
@gaborvitez     28 October, 2020
    Twitter gaborvitez:
Ajaysen R found a reflected cross site scripting bug in one of our cgi scripts, this way he helped us improve the security of our website. He was really fast to react, working with him was really a pleasure. We are grateful for the issues he made us aware of.
@Jobe1986     28 October, 2020
    Twitter Jobe1986:
Thank you for your efforts and reporting the XSS vulnerability you found on my website.