Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

smule

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (7)

Asset	Category	Bounty	Quick Links
*.smule.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
com.smule.autorap.*	IOS	No	-
com.smule.autorap.*	ANDROID	No	Play Store APKPure APKMirror
com.smule.magicpiano.*	IOS	No	-
com.smule.magicpiano.*	ANDROID	No	Play Store APKPure APKMirror
com.smule.sing.*	IOS	No	-
com.smule.singandroid.*	ANDROID	No	Play Store APKPure APKMirror

Scope Changes (14)

Mar 11, 2026

Change	Asset	Category	Scope	Time
Added	com.smule.singandroid.*	ANDROID	In Scope	10:39
Added	com.smule.magicpiano.*	IOS	In Scope	10:39
Added	com.smule.magicpiano.*	ANDROID	In Scope	10:39
Added	com.smule.autorap.*	IOS	In Scope	10:39
Added	com.smule.autorap.*	ANDROID	In Scope	10:39
Added	com.smule.sing.*	IOS	In Scope	10:39
Added	*.smule.com	WILDCARD	In Scope	10:39
Added	com.smule.sing.*	IOS	In Scope	10:39
Added	*.smule.com	WILDCARD	In Scope	10:39
Added	com.smule.singandroid.*	ANDROID	In Scope	10:39
Added	com.smule.magicpiano.*	IOS	In Scope	10:39
Added	com.smule.magicpiano.*	ANDROID	In Scope	10:39
Added	com.smule.autorap.*	IOS	In Scope	10:39
Added	com.smule.autorap.*	ANDROID	In Scope	10:39