Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
gapinc
11
In Scope
8
Out of Scope
In-Scope Assets (11)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://api.gap.com/ | URL | No | ||
| https://api.gap.com/credit_cards/v1/?external_customer_id= | URL | No | ||
| https://apps.apple.com/us/app/gap/id326347260 | IOS | No | - | |
| https://gap.com | URL | No | ||
| https://gap.com/checkout | URL | No | ||
| https://gap.com/shopping-bag | URL | No | ||
| https://play.google.com/store/apps/details?id=com.skava.hybridapp.gap&hl=en_US&gl=US | ANDROID | No | ||
| https://secure-www.gap.com | URL | No | ||
| https://secure-www.gap.com/checkout/place-order/ | URL | No | ||
| https://secure-www.gap.com/checkout/place-order/xapi/place-order-action | URL | No | ||
| https://secure-www.gap.com/checkout/place-order/xapi/update-payment-method-action | URL | No |
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.gap.com.mx | URL | No | |
| *.gaptech.com | URL | No | |
| *.liverpool.com.* | URL | No | |
| Intermix | URL | No | |
| Janie & Jack | URL | No | |
| Recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | No | |
| equality.gapinc.com | URL | No | |
| investors.gapinc.com | URL | No |
Scope Changes (106)
Mar 6, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://apps.apple.com/us/app/gap/id326347260 | IOS | In Scope | 07:48 |
| Added | https://apps.apple.com/us/app/gap/id326347260 | IOS | In Scope | 07:48 |
| Added | equality.gapinc.com | URL | Out of Scope | 07:48 |
| Added | investors.gapinc.com | URL | Out of Scope | 07:48 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 07:48 |
| Added | *.gaptech.com | URL | Out of Scope | 07:48 |
| Added | *.gap.com.mx | URL | Out of Scope | 07:48 |
| Added | *.liverpool.com.* | URL | Out of Scope | 07:48 |
| Added | janie & jack | URL | Out of Scope | 07:48 |
| Added | intermix | URL | Out of Scope | 07:48 |
| Added | intermix | URL | Out of Scope | 07:48 |
| Added | https://gap.com/shopping-bag | URL | In Scope | 07:48 |
| Added | https://gap.com/checkout | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/place-order-action | URL | In Scope | 07:48 |
| Added | https://play.google.com/store/apps/details?id=com.skava.hybridapp.gap&hl=en_US&gl=US | ANDROID | In Scope | 07:48 |
| Added | https://gap.com | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com/checkout/place-order | URL | In Scope | 07:48 |
| Added | equality.gapinc.com | URL | Out of Scope | 07:48 |
| Added | *.gaptech.com | WILDCARD | Out of Scope | 07:48 |
| Added | *.gap.com.mx | WILDCARD | Out of Scope | 07:48 |
| Added | *.liverpool.com.* | WILDCARD | Out of Scope | 07:48 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/update-payment-method-action | URL | In Scope | 07:48 |
| Added | https://api.gap.com/credit_cards/v1?external_customer_id= | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com | URL | In Scope | 07:48 |
| Added | investors.gapinc.com | URL | Out of Scope | 07:48 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 07:48 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 07:48 |
| Added | janie & jack | URL | Out of Scope | 07:48 |
| Added | https://api.gap.com/ | URL | In Scope | 07:48 |
| Added | https://gap.com | URL | In Scope | 07:48 |
| Added | https://gap.com/shopping-bag | URL | In Scope | 07:48 |
| Added | https://gap.com/checkout | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com/checkout/place-order | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/update-payment-method-action | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/place-order-action | URL | In Scope | 07:48 |
| Added | https://api.gap.com/credit_cards/v1?external_customer_id= | URL | In Scope | 07:48 |
| Added | https://api.gap.com/ | URL | In Scope | 07:48 |
| Added | https://secure-www.gap.com | URL | In Scope | 07:48 |
| Added | https://play.google.com/store/apps/details?id=com.skava.hybridapp.gap&hl=en_US&gl=US | ANDROID | In Scope | 07:48 |
| Program Removed | — | — | — | 06:54 |
| Program Removed | — | — | — | 05:54 |
| Program Removed | — | — | — | 04:54 |
| Program Removed | — | — | — | 03:54 |
| Program Removed | — | — | — | 02:54 |
| Program Removed | — | — | — | 01:54 |
| Program Removed | — | — | — | 00:54 |
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 23:54 |
Feb 26, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://gap.com/shopping-bag | URL | In Scope | 00:04 |
| Added | https://secure-www.gap.com/checkout/place-order | URL | In Scope | 00:04 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/update-payment-method-action | URL | In Scope | 00:04 |
| Added | https://api.gap.com/credit_cards/v1?external_customer_id= | URL | In Scope | 00:04 |
| Added | https://secure-www.gap.com | URL | In Scope | 00:04 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 00:04 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 00:04 |
| Added | *.gaptech.com | WILDCARD | Out of Scope | 00:04 |
| Added | https://apps.apple.com/us/app/gap/id326347260 | IOS | In Scope | 00:04 |
| Added | investors.gapinc.com | URL | Out of Scope | 00:04 |
| Added | *.gap.com.mx | WILDCARD | Out of Scope | 00:04 |
| Added | https://gap.com | URL | In Scope | 00:04 |
| Added | janie & jack | URL | Out of Scope | 00:04 |
| Added | https://gap.com/checkout | URL | In Scope | 00:04 |
| Added | intermix | URL | Out of Scope | 00:04 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/place-order-action | URL | In Scope | 00:04 |
| Added | https://api.gap.com/ | URL | In Scope | 00:04 |
| Added | https://play.google.com/store/apps/details?id=com.skava.hybridapp.gap&hl=en_US&gl=US | ANDROID | In Scope | 00:04 |
| Added | equality.gapinc.com | URL | Out of Scope | 00:04 |
| Added | *.liverpool.com.* | WILDCARD | Out of Scope | 00:04 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://gap.com | URL | In Scope | 17:16 |
| Added | https://gap.com/shopping-bag | URL | In Scope | 17:16 |
| Added | https://gap.com/checkout | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com/checkout/place-order | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/update-payment-method-action | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/place-order-action | URL | In Scope | 17:16 |
| Added | https://api.gap.com/credit_cards/v1?external_customer_id= | URL | In Scope | 17:16 |
| Added | https://api.gap.com/ | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com | URL | In Scope | 17:16 |
| Added | https://play.google.com/store/apps/details?id=com.skava.hybridapp.gap&hl=en_US&gl=US | ANDROID | In Scope | 17:16 |
| Added | https://apps.apple.com/us/app/gap/id326347260 | IOS | In Scope | 17:16 |
| Added | equality.gapinc.com | URL | Out of Scope | 17:16 |
| Added | investors.gapinc.com | URL | Out of Scope | 17:16 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 17:16 |
| Added | *.gaptech.com | URL | Out of Scope | 17:16 |
| Added | *.gap.com.mx | URL | Out of Scope | 17:16 |
| Added | *.liverpool.com.* | URL | Out of Scope | 17:16 |
| Added | janie & jack | URL | Out of Scope | 17:16 |
| Added | intermix | URL | Out of Scope | 17:16 |
| Added | https://api.gap.com/ | URL | In Scope | 17:16 |
| Added | https://play.google.com/store/apps/details?id=com.skava.hybridapp.gap&hl=en_US&gl=US | ANDROID | In Scope | 17:16 |
| Added | investors.gapinc.com | URL | Out of Scope | 17:16 |
| Added | *.gaptech.com | WILDCARD | Out of Scope | 17:16 |
| Added | https://apps.apple.com/us/app/gap/id326347260 | IOS | In Scope | 17:16 |
| Added | *.liverpool.com.* | WILDCARD | Out of Scope | 17:16 |
| Added | janie & jack | URL | Out of Scope | 17:16 |
| Added | https://gap.com/shopping-bag | URL | In Scope | 17:16 |
| Added | https://gap.com/checkout | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com | URL | In Scope | 17:16 |
| Added | intermix | URL | Out of Scope | 17:16 |
| Added | https://gap.com | URL | In Scope | 17:16 |
| Added | equality.gapinc.com | URL | Out of Scope | 17:16 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 17:16 |
| Added | recruiting - jobs.gapinc.com, careersblog.gapinc.com | URL | Out of Scope | 17:16 |
| Added | *.gap.com.mx | WILDCARD | Out of Scope | 17:16 |
| Added | https://secure-www.gap.com/checkout/place-order | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/update-payment-method-action | URL | In Scope | 17:16 |
| Added | https://secure-www.gap.com/checkout/place-order/xapi/place-order-action | URL | In Scope | 17:16 |
| Added | https://api.gap.com/credit_cards/v1?external_customer_id= | URL | In Scope | 17:16 |