Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

upwork

BugcrowdView on Bugcrowd
RawAI Enhanced
12
In Scope
14
Out of Scope

In-Scope Assets (12)

AssetCategoryBountyQuick Links
Direct ContractsURLNo-
Upwork - Android ApplicationANDROIDNo-
Upwork - Marketplace PortalURLNo-
Upwork - MessagesURLNo-
Upwork - Mobile Application AndroidANDROIDNo-
Upwork - Mobile Application IOSIOSNo-
Upwork - api.upwork.com/graphqlURLNo-
Upwork - iOS ApplicationIOSNo-
Upwork Dash Messenger Desktop Version (www.upwork.com/downloads)HARDWARENo-
api.upwork.com/graphqlURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
https://www.upwork.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
www.upwork.com/apiURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
Out-of-Scope Assets (14)
AssetCategoryBounty
Any Third-party ServicesOTHERNo
Any subdomain/domain/property not listed in the 'in scope' section, is out of scope.OTHERNo
Social media hijackingOTHERNo
careers.upwork.comOTHERNo
community.stage.upwork.comOTHERNo
community.upwork.comOTHERNo
e.upwork.comOTHERNo
pardot.upwork.comOTHERNo
signature.upwork.comOTHERNo
stage.upwork.comOTHERNo
status.upwork.comOTHERNo
support.upwork.comOTHERNo
tip.upwork.comURLNo
tip.upwork.comOTHERNo