Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

concretecms

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (1)

Asset	Category	Bounty	Quick Links
https://github.com/concrete5/concrete5	CODE	No	-

Out-of-Scope Assets (3)

Asset	Category	Bounty
*.concrete5.org	WILDCARD	No
*.concretecms.com	WILDCARD	No
*.concretecms.org	WILDCARD	No

Scope Changes (21)

Mar 27, 2026

Change	Asset	Category	Scope	Time
Added	*.concretecms.com	WILDCARD	Out of Scope	09:21
Added	https://github.com/concrete5/concrete5	CODE	In Scope	09:21
Added	*.concrete5.org	WILDCARD	Out of Scope	09:21
Added	*.concretecms.org	WILDCARD	Out of Scope	09:21
Added	*.concretecms.com	WILDCARD	Out of Scope	09:21
Added	https://github.com/concrete5/concrete5	CODE	In Scope	09:21
Added	*.concrete5.org	WILDCARD	Out of Scope	09:21
Added	*.concretecms.org	WILDCARD	Out of Scope	09:21

Mar 25, 2026

Change	Asset	Category	Scope	Time
Program Removed	—	—	—	15:40

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	*.concrete5.org	WILDCARD	Out of Scope	19:08
Added	*.concretecms.org	WILDCARD	Out of Scope	19:08
Added	*.concretecms.com	WILDCARD	Out of Scope	19:08
Added	https://github.com/concrete5/concrete5	CODE	In Scope	19:08

Feb 22, 2026

Change	Asset	Category	Scope	Time
Added	https://github.com/concrete5/concrete5	CODE	In Scope	00:40
Added	*.concrete5.org	WILDCARD	Out of Scope	00:40
Added	*.concretecms.org	WILDCARD	Out of Scope	00:40
Added	*.concretecms.com	WILDCARD	Out of Scope	00:40

Feb 21, 2026

Change	Asset	Category	Scope	Time
Added	https://github.com/concrete5/concrete5	CODE	In Scope	19:11
Added	*.concrete5.org	WILDCARD	Out of Scope	19:11
Added	*.concretecms.org	WILDCARD	Out of Scope	19:11
Added	*.concretecms.com	WILDCARD	Out of Scope	19:11