Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
rubygems
4
In Scope
9
Out of Scope
In-Scope Assets (4)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Malicious or compromised gem | OTHER | No | - | |
| https://github.com/rubygems/rubygems | CODE | No | - | |
| rubygems.org | URL | No | ||
| shipit.rubygems.org | URL | No |
Out-of-Scope Assets (9)
| Asset | Category | Bounty | |
|---|---|---|---|
| blog.rubygems.org | URL | No | |
| guide.rubygems.org | URL | No | |
| help.rubygems.org | URL | No | |
| http://rubygems.org/names | URL | No | |
| https://s3-us-west-2.amazonaws.com/rubygems-dumps | URL | No | |
| stats.rubygems.org | URL | No | |
| status.rubygems.org | URL | No | |
| support.rubygems.org | URL | No | |
| uptime.rubygems.org | URL | No |
Scope Changes (34)
Mar 30, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://github.com/rubygems/rubygems | CODE | In Scope | 01:21 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://github.com/rubygems/rubygems | CODE | In Scope | 19:09 |
| Added | support.rubygems.org | URL | Out of Scope | 19:09 |
| Added | uptime.rubygems.org | URL | Out of Scope | 19:09 |
| Added | blog.rubygems.org | URL | Out of Scope | 19:09 |
| Added | status.rubygems.org | URL | Out of Scope | 19:09 |
| Added | rubygems.org | URL | In Scope | 19:09 |
| Added | malicious or compromised gem | OTHER | In Scope | 19:09 |
| Added | shipit.rubygems.org | URL | In Scope | 19:09 |
| Added | help.rubygems.org | URL | Out of Scope | 19:09 |
| Added | https://s3-us-west-2.amazonaws.com/rubygems-dumps | URL | Out of Scope | 19:09 |
| Added | http://rubygems.org/names | URL | Out of Scope | 19:09 |
| Added | guide.rubygems.org | URL | Out of Scope | 19:09 |
| Added | stats.rubygems.org | URL | Out of Scope | 19:09 |
Feb 24, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | rubygems.org | URL | In Scope | 10:15 |
| Removed | gem server command | OTHER | Out of Scope | 10:15 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | support.rubygems.org | URL | Out of Scope | 00:40 |
| Added | guide.rubygems.org | URL | Out of Scope | 00:40 |
| Added | rubygems.org | URL | In Scope | 00:40 |
| Added | https://s3-us-west-2.amazonaws.com/rubygems-dumps | URL | Out of Scope | 00:40 |
| Added | http://rubygems.org/names | URL | Out of Scope | 00:40 |
| Added | gem server command | OTHER | Out of Scope | 00:40 |
| Added | uptime.rubygems.org | URL | Out of Scope | 00:40 |
| Added | blog.rubygems.org | URL | Out of Scope | 00:40 |
| Added | stats.rubygems.org | URL | Out of Scope | 00:40 |
| Added | status.rubygems.org | URL | Out of Scope | 00:40 |
| Added | https://github.com/rubygems/rubygems | URL | In Scope | 00:40 |
| Added | malicious or compromised gem | OTHER | In Scope | 00:40 |
| Added | shipit.rubygems.org | URL | In Scope | 00:40 |
| Added | help.rubygems.org | URL | Out of Scope | 00:40 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | rubygems.org | URL | In Scope | 21:38 |
| Removed | https://github.com/rubygems/rubygems | CODE | In Scope | 21:38 |
| Added | malicious or compromised gem | OTHER | In Scope | 19:11 |
| Added | shipit.rubygems.org | URL | In Scope | 19:11 |