Bug Bounty Program
Please carefully read our program guidelines here.
Pricing Model
P1 – Critical | P2 – High | P3 – Medium |
---|---|---|
$1000-$1500 | $500-$1000 | $100-$500 |
Payouts
- For critical issues (P1), we will respond within one month.
- For high or medium issues (P2, P3), we will respond within two months.
- Once an issue is approved, we will process the payment within one month, no later than the 5th of the following month.
- Out-of-scope issues – while these reports may not qualify for a bounty, we encourage users to report any bugs they find. Even if a bounty isn’t awarded, the gesture is appreciated as an act of goodwill.
Severity Definitions
Priority / Severity | Vulnerability Types |
---|---|
P1 – Critical | Remote Code Execution; Local file inclusion; SQL Injection; Account Takeover without user interaction; XML External Entity (XXE) |
P2 – High | Sensitive Information Disclosure (API/Website/Mobile); Horizontal Privilege Escalation; Vertical Privilege Escalation |
P3 – Medium | SSRF with minimal impact; XSS (Blind, Stored, Reflected); CSRF able to change sensitive content; Subdomain Takeover |
Out of Scope (Unless there is a significant impact) | Sensitive data stored in plain text; Open Redirect; CSRF with minimal impact; Session issues; API key disclosure without exploitation; HTML Injection; Text Injection; Rate Limiting; Denial of Service Attacks; Content Spoofing; Self-XSS or XSS that only affects old browsers; Clickjacking; User/Email enumeration; Host Header Injection; Reflected file download; Misconfigured Headers |