Our disclosure process is now open source! 🎉

We reward every valid disclosure you make.
Contributing with GitHub

Our bounty database is now open source! To disclose a vulnerability, open a pull request against our vulnerability database and get rewarded!

All of your disclosures will improve your GitHub contributions graph, so you get the best of both worlds: open source contributions and some extra dollars! 💻💵


We pay $25 for every disclosure where:

The package has over 1000 downloads per month
The CVSS score is at least 3.0
A fix is not already available

Don't worry if your bounty doesn't meet these requirements. You will still get a bunch of credits! 💰
We will let you know when your disclosure has been accepted, and the cash and credit rewards will be deposited into your account.
Our payments for disclosures and fixes are made on the 25th of each month, so make sure your PayPal address is up-to-date in your settings.