Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

bitwarden

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (18)

Asset	Category	Bounty	Quick Links
9pjsdv0vpk04	BINARY	No	-
api.bitwarden.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
bitwarden.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
com.8bit.bitwarden	IOS	No	-
com.bitwarden.authenticator	ANDROID	No	Play Store
com.bitwarden.authenticator	IOS	No	-
com.x8bit.bitwarden	ANDROID	No	Play Store
docs.passwordless.dev	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
help.bitwarden.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/	OTHER	No	-
https://addons.opera.com/extensions/details/bitwarden-free-password-manager/	OTHER	No	-
https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb?hl=en	OTHER	No	-
https://github.com/bitwarden	CODE	No	-
https://safari-extensions.apple.com/details/?id=com.bitwarden.safari-LTZ2PFU5D6	OTHER	No	-
https://www.npmjs.com/package/@bitwarden/mcp-server	OTHER	No	-
identity.bitwarden.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
v4.passwordless.dev	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
vault.bitwarden.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal