Vulnerability Disclosure Program
Thank you for participating in the beta! Contributors will earn a badge on their profile at release, plus premium perks once the app fully launches. Additional perks depend on your contributions, but any help is appreciated <3
Report a Vulnerability
How to Provide Feedback
Below is a list of wanted feedback, but feel free to report anything you find!
Include:
- your profile username (if you want recognition/perks)
- summary/description
- steps to reproduce
- impact/attack chain
- suggested fix
If you adhere to the rules of our VDP and show true responsibler disclosure we will not take any legal action against you.
As per the safe harbor rules.
IN SCOPE
- File upload vulnerabilities / server checker bypass (non-aggresive PoC) CRITICAL
- Privilege escalation CRITICAL
- IDORs with demonstrated or well‑argued risk
- XSS MEDIUM-HIGH
- BAC attacks, especially with premium features CRITICAL
- SQL injection CRITICAL
OUT OF SCOPE
- Social engineering and phishing
- (D)DoS attacks
- Clickjacking
- Installing Backdoors
- Dropping tables
- Performing destructive defacement
- Account overtake on accounts that are not yours
- Bruteforcing
- Extortion
- Heavy use of automated/scanning tools
Rewards & Recognition
Contributors get badges, early perks, and recognition based on the quality and impact of feedback.
Report a VulnerabilityThank you again for helping us improve and secure our app and our users 💜