Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

thefork-b2c-wng

BugcrowdView on Bugcrowd

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (13)

Asset	Category	Bounty	Quick Links
https://*.tools.thefork.tech	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://api.lafourchette.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://api.thefork.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://apps.apple.com/app/thefork-restaurants-bookings/id424850908	IOS	No	-
https://blog.thefork.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://google-reserve-api.thefork.io	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://m-api.lafourchette.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://m.thefork.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://play.google.com/store/apps/details?id=com.lafourchette.lafourchette	ANDROID	No	Play Store
https://review-api.lafourchette.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://widget.thefork.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.restaurant-information.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.thefork.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal

Out-of-Scope Assets (5)

Asset	Category	Bounty
Customer semi-login / PartialLogin feature	URL	No
https://.eltenedor.	URL	No
https://www.lafourchette.com	URL	No
https://www.thefork.*	URL	No
module.thefork.com	URL	No