Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
starling_bank
12
In Scope
0
Out of Scope
In-Scope Assets (12)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| api-openbanking.starlingbank.com | URL | No | ||
| api.starlingbank.com | URL | No | ||
| app.starlingbank.com | URL | No | ||
| com.starlingbank.android | ANDROID | No | ||
| developer.starlingbank.com | URL | No | ||
| help.starlingbank.com | URL | No | ||
| oauth.starlingbank.com | URL | No | ||
| openbanking.starlingbank.com | URL | No | ||
| payment-api.starlingbank.com | URL | No | ||
| token-api.starlingbank.com | URL | No | ||
| uk.co.starlingbank.Starling | IOS | No | - | |
| www.starlingbank.com | URL | No |
Scope Changes (36)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | help.starlingbank.com | URL | In Scope | 19:11 |
| Added | developer.starlingbank.com | URL | In Scope | 19:11 |
| Added | api.starlingbank.com | URL | In Scope | 19:11 |
| Added | token-api.starlingbank.com | URL | In Scope | 19:11 |
| Added | openbanking.starlingbank.com | URL | In Scope | 19:11 |
| Added | api-openbanking.starlingbank.com | URL | In Scope | 19:11 |
| Added | payment-api.starlingbank.com | URL | In Scope | 19:11 |
| Added | www.starlingbank.com | URL | In Scope | 19:11 |
| Added | uk.co.starlingbank.starling | IOS | In Scope | 19:11 |
| Added | com.starlingbank.android | ANDROID | In Scope | 19:11 |
| Added | app.starlingbank.com | URL | In Scope | 19:11 |
| Added | oauth.starlingbank.com | URL | In Scope | 19:11 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | openbanking.starlingbank.com | URL | In Scope | 00:42 |
| Added | api-openbanking.starlingbank.com | URL | In Scope | 00:42 |
| Added | uk.co.starlingbank.starling | IOS | In Scope | 00:42 |
| Added | api.starlingbank.com | URL | In Scope | 00:42 |
| Added | token-api.starlingbank.com | URL | In Scope | 00:42 |
| Added | payment-api.starlingbank.com | URL | In Scope | 00:42 |
| Added | www.starlingbank.com | URL | In Scope | 00:42 |
| Added | com.starlingbank.android | ANDROID | In Scope | 00:42 |
| Added | app.starlingbank.com | URL | In Scope | 00:42 |
| Added | oauth.starlingbank.com | URL | In Scope | 00:42 |
| Added | help.starlingbank.com | URL | In Scope | 00:42 |
| Added | developer.starlingbank.com | URL | In Scope | 00:42 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | www.starlingbank.com | URL | In Scope | 19:12 |
| Added | uk.co.starlingbank.starling | IOS | In Scope | 19:12 |
| Added | com.starlingbank.android | ANDROID | In Scope | 19:12 |
| Added | app.starlingbank.com | URL | In Scope | 19:12 |
| Added | oauth.starlingbank.com | URL | In Scope | 19:12 |
| Added | help.starlingbank.com | URL | In Scope | 19:12 |
| Added | developer.starlingbank.com | URL | In Scope | 19:12 |
| Added | api.starlingbank.com | URL | In Scope | 19:12 |
| Added | token-api.starlingbank.com | URL | In Scope | 19:12 |
| Added | openbanking.starlingbank.com | URL | In Scope | 19:12 |
| Added | api-openbanking.starlingbank.com | URL | In Scope | 19:12 |
| Added | payment-api.starlingbank.com | URL | In Scope | 19:12 |