Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
supabase
10
In Scope
7
Out of Scope
In-Scope Assets (10)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| api.supabase.com | URL | No | ||
| https://*.database.dev/ | WILDCARD | No | ||
| https://github.com/supabase | CODE | No | - | |
| https://github.com/supabase-community/supabase-mcp | URL | No | ||
| https://mcp.supabase.com/mcp | URL | No | ||
| https://multiplayer.dev | URL | No | ||
| https://supabase.help | URL | No | ||
| https://supabase.link | URL | No | ||
| https://supabase.store | URL | No | ||
| supabase.com | URL | No |
Out-of-Scope Assets (7)
| Asset | Category | Bounty | |
|---|---|---|---|
| db.*.supabase.co | WILDCARD | No | |
| https://*.supabase.co | WILDCARD | No | |
| https://api.supabase.com/platform/pg-meta/project_id/query | URL | No | |
| https://ctf.supabase.com | URL | No | |
| https://github.com/supabase-community/ | CODE | No | |
| https://supabase.dev/ | URL | No | |
| https://supabase.productions/ | URL | No |