Submitting Reports

You can submit your found vulnerabilities to programs by submitting reports.

In order to submit reports:

  1. Go to a program's security page.

h1 security page

  1. Click the green Submit Report button.
  2. Select the asset type of the vulnerability on the Submit Vulnerability Report form.

asset

  1. Select the weakness or the type of potential issue you've discovered.

weakness

  1. (Optional) Select the severity of the vulnerability. You can use the CVSS calculator to determine the severity.

severity

  1. Write up your proof of concept. State:

    • What the vulnerability is.
    • The steps to reproduce the vulnerability.
    • What kind of impact an attacker can make if they were to exploit the vulnerability.

proof of concept

  1. (Optional) Attach screenshots, demo videos, or any other helpful material. Don't share videos by adding a link to them in the report. You can only include videos if you attach the file directly to the report. This is to ensure the vulnerability isn't accessible to others before being disclosed.

attach screenshots

  1. Review your report details in the preview window. You won't be able to edit your details after submitting the report.

report preview window

  1. Click Submit Report.

After you've submitted your report, you must wait for programs to respond to your submission.

Restricted From Submissions