Bounty Awards

We provide rewards to vulnerability reporters at our discretion. The following are guidelines to indicate typical reward amounts.

Critical
$1,500

Systemic compromise

Examples: remote code execution, SQL injection with significant impact, and vertical authentication bypasses.

High
$900

Access to other user's private data

Examples: Stored XSS or CSRF with significant impact, iInternal SSRF, IDOR with significant impact, and lateral authentication bypasses.

Medium
$300

Limited access to other user's private data

Examples: Reflective XSS with impact, CSRF, IDOR, and open redirects with impact.

Low
$100

Configuration issues and other vulnerabilities with limited impact

Examples: Misconfigurations including SPF and SSL, CSRF, and XSS vulnerabilities with limited impact.