Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

who-covid-19-mobile-app

HackerOneView on HackerOne
RawAI Enhanced
5
In Scope
2
Out of Scope
In-Scope Assets (5)
AssetCategoryBountyQuick Links
*.whocoronavirus.orgWILDCARDNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotalAlienVault OTXGitHubFofa
hack.whocoronavirus.orgURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotalAlienVault OTXGitHubFofa
https://github.com/WorldHealthOrganization/appCODENo-
int.who.WHOMyHealthIOSNo-
org.who.WHOMyHealthANDROIDNo
Play StoreAPKPureAPKMirror
Out-of-Scope Assets (2)
AssetCategoryBounty
*.who.intWILDCARDNo
covid19app.who.intURLNo
Scope Changes (21)
Feb 25, 2026
ChangeAssetCategoryScopeTime
Addedhttps://github.com/WorldHealthOrganization/appURLIn Scope19:13
Added*.whocoronavirus.orgWILDCARDIn Scope19:13
Addedhack.whocoronavirus.orgURLIn Scope19:13
Addedint.who.whomyhealthIOSIn Scope19:13
Addedcovid19app.who.intURLOut of Scope19:13
Added*.who.intWILDCARDOut of Scope19:13
Addedorg.who.whomyhealthANDROIDIn Scope19:13
Feb 22, 2026
ChangeAssetCategoryScopeTime
Addedcovid19app.who.intURLOut of Scope00:43
Addedint.who.whomyhealthIOSIn Scope00:43
Addedorg.who.whomyhealthANDROIDIn Scope00:43
Added*.who.intWILDCARDOut of Scope00:43
Addedhack.whocoronavirus.orgURLIn Scope00:43
Added*.whocoronavirus.orgWILDCARDIn Scope00:43
Addedhttps://github.com/WorldHealthOrganization/appURLIn Scope00:43
Feb 21, 2026
ChangeAssetCategoryScopeTime
Addedhack.whocoronavirus.orgURLIn Scope19:12
Addedcovid19app.who.intURLOut of Scope19:12
Added*.who.intWILDCARDOut of Scope19:12
Addedorg.who.whomyhealthANDROIDIn Scope19:12
Addedint.who.whomyhealthIOSIn Scope19:12
Addedhttps://github.com/WorldHealthOrganization/appCODEIn Scope19:12
Added*.whocoronavirus.orgWILDCARDIn Scope19:12