Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

peloton

HackerOneView on HackerOne
RawAI Enhanced
5
In Scope
1
Out of Scope
Scope Changes (18)
Feb 25, 2026
ChangeAssetCategoryScopeTime
Addedcosmos-stage.onepeloton.comURLIn Scope19:19
Addedqa1-cms.onepeloton.comURLIn Scope19:19
Addedwww.onepeloton.comURLIn Scope19:19
Addedsecurity vulnerabilities that are identified in peloton products or in website domains owned, operated, or controlled by peloton that are not listed above are oosOTHEROut of Scope19:19
Addedcms.onepeloton.comURLIn Scope19:19
Addedcosmos.onepeloton.comURLIn Scope19:19
Feb 22, 2026
ChangeAssetCategoryScopeTime
Addedcms.onepeloton.comURLIn Scope00:48
Addedcosmos.onepeloton.comURLIn Scope00:48
Addedcosmos-stage.onepeloton.comURLIn Scope00:48
Addedqa1-cms.onepeloton.comURLIn Scope00:48
Addedwww.onepeloton.comURLIn Scope00:48
Addedsecurity vulnerabilities that are identified in peloton products or in website domains owned, operated, or controlled by peloton that are not listed above are oosOTHEROut of Scope00:48
Feb 21, 2026
ChangeAssetCategoryScopeTime
Addedcms.onepeloton.comURLIn Scope19:12
Addedcosmos.onepeloton.comURLIn Scope19:12
Addedcosmos-stage.onepeloton.comURLIn Scope19:12
Addedqa1-cms.onepeloton.comURLIn Scope19:12
Addedwww.onepeloton.comURLIn Scope19:12
Addedsecurity vulnerabilities that are identified in peloton products or in website domains owned, operated, or controlled by peloton that are not listed above are oosOTHEROut of Scope19:12