Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
supabase
10
In Scope
8
Out of Scope
In-Scope Assets (10)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| api.supabase.com | URL | No | ||
| https://*.database.dev/ | WILDCARD | No | ||
| https://github.com/supabase | CODE | No | - | |
| https://github.com/supabase-community/supabase-mcp | URL | No | ||
| https://mcp.supabase.com/mcp | URL | No | ||
| https://multiplayer.dev | URL | No | ||
| https://supabase.help | URL | No | ||
| https://supabase.link | URL | No | ||
| https://supabase.store | URL | No | ||
| supabase.com | URL | No |
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| db.*.supabase.co | WILDCARD | No | |
| https://*.supabase.co | WILDCARD | No | |
| https://api.supabase.com/platform/pg-meta/project_id/query | URL | No | |
| https://ctf.supabase.com | URL | No | |
| https://github.com/supabase-community/ | CODE | No | |
| https://supabase.dev/ | URL | No | |
| https://supabase.productions/ | URL | No | |
| supabase.sh | URL | No |
Scope Changes (53)
Mar 31, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | supabase.sh | URL | Out of Scope | 08:22 |
| Added | supabase.sh | URL | Out of Scope | 08:22 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://multiplayer.dev | URL | In Scope | 19:20 |
| Added | api.supabase.com | URL | In Scope | 19:20 |
| Added | db.*.supabase.co | WILDCARD | In Scope | 19:20 |
| Added | *.supabase.co | WILDCARD | In Scope | 19:20 |
| Added | https://mcp.supabase.com/mcp | URL | In Scope | 19:20 |
| Added | supabase.com | URL | In Scope | 19:20 |
| Added | https://supabase.productions/ | URL | Out of Scope | 19:20 |
| Added | https://supabase.link | URL | In Scope | 19:20 |
| Added | https://supabase.store | URL | In Scope | 19:20 |
| Added | https://ctf.supabase.com | URL | Out of Scope | 19:20 |
| Added | https://api.supabase.com/platform/pg-meta/project_id/query | URL | Out of Scope | 19:20 |
| Added | https://github.com/supabase-community | URL | Out of Scope | 19:20 |
| Added | https://github.com/supabase-community/supabase-mcp | URL | In Scope | 19:20 |
| Added | https://supabase.help | URL | In Scope | 19:20 |
| Added | https://github.com/supabase | URL | In Scope | 19:20 |
| Added | *.database.dev | WILDCARD | In Scope | 19:20 |
| Added | https://supabase.dev/ | URL | Out of Scope | 19:20 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://github.com/supabase-community/supabase-mcp | URL | In Scope | 00:48 |
| Added | supabase.com | URL | In Scope | 00:48 |
| Added | *.database.dev | WILDCARD | In Scope | 00:48 |
| Added | https://supabase.store | URL | In Scope | 00:48 |
| Added | https://mcp.supabase.com/mcp | URL | In Scope | 00:48 |
| Added | https://multiplayer.dev | URL | In Scope | 00:48 |
| Added | https://supabase.help | URL | In Scope | 00:48 |
| Added | https://github.com/supabase-community | OTHER | Out of Scope | 00:48 |
| Added | https://api.supabase.com/platform/pg-meta/project_id/query | URL | Out of Scope | 00:48 |
| Added | https://supabase.productions/ | URL | Out of Scope | 00:48 |
| Added | https://supabase.dev/ | URL | Out of Scope | 00:48 |
| Added | api.supabase.com | URL | In Scope | 00:48 |
| Added | https://github.com/supabase | OTHER | In Scope | 00:48 |
| Added | https://supabase.link | URL | In Scope | 00:48 |
| Added | *.supabase.co | WILDCARD | Out of Scope | 00:48 |
| Added | db.*.supabase.co | WILDCARD | Out of Scope | 00:48 |
| Added | https://ctf.supabase.com | URL | Out of Scope | 00:48 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://ctf.supabase.com | URL | Out of Scope | 19:13 |
| Added | https://api.supabase.com/platform/pg-meta/project_id/query | URL | Out of Scope | 19:13 |
| Added | db.*.supabase.co | WILDCARD | Out of Scope | 19:13 |
| Added | https://supabase.dev/ | URL | Out of Scope | 19:13 |
| Added | https://supabase.productions/ | URL | Out of Scope | 19:13 |
| Added | https://github.com/supabase-community | CODE | Out of Scope | 19:13 |
| Added | *.supabase.co | WILDCARD | Out of Scope | 19:13 |
| Added | https://mcp.supabase.com/mcp | URL | In Scope | 19:13 |
| Added | https://github.com/supabase-community/supabase-mcp | URL | In Scope | 19:13 |
| Added | https://supabase.link | URL | In Scope | 19:13 |
| Added | https://supabase.help | URL | In Scope | 19:13 |
| Added | https://multiplayer.dev | URL | In Scope | 19:13 |
| Added | https://supabase.store | URL | In Scope | 19:13 |
| Added | https://github.com/supabase | CODE | In Scope | 19:13 |
| Added | *.database.dev | WILDCARD | In Scope | 19:13 |
| Added | api.supabase.com | URL | In Scope | 19:13 |
| Added | supabase.com | URL | In Scope | 19:13 |