Program Removed
This program is no longer available on YesWeHack. The scope data shown below is historical and may not reflect the final state of the program.
openproject
1
In Scope
7
Out of Scope
In-Scope Assets (1)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://github.com/opf/openproject | CODE | Yes | - |
Out-of-Scope Assets (7)
| Asset | Category | Bounty | |
|---|---|---|---|
| any asset that is not explicitly included in our program's scope | OTHER | Yes | |
| any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Yes | |
| any local implementation of the project/implementation belonging to third parties | OTHER | Yes | |
| any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Yes | |
| development configurations, plugins or images, such as the development or all-in-one docker containers, or running application in non-production modes and configurations | OTHER | Yes | |
| libraries and protocols with known limitations and gems already in update maintenance (e.g., omniauth < 2 csrf protections, carrierwave) | OTHER | Yes | |
| third parties such as security researchers already involved in active security audits, or already opened reports | OTHER | Yes |
Scope Changes (24)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 16:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Out of Scope | 00:51 |
| Added | libraries and protocols with known limitations and gems already in update maintenance (e.g., omniauth < 2 csrf protections, carrierwave) | OTHER | Out of Scope | 00:51 |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 00:51 |
| Added | third parties such as security researchers already involved in active security audits, or already opened reports | OTHER | Out of Scope | 00:51 |
| Added | https://github.com/opf/openproject | CODE | In Scope | 00:51 |
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 00:51 |
| Added | any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Out of Scope | 00:51 |
| Added | development configurations, plugins or images, such as the development or all-in-one docker containers, or running application in non-production modes and configurations | OTHER | Out of Scope | 00:51 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://github.com/opf/openproject | OPEN-SOURCE | In Scope | 21:40 |
| Removed | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 21:40 |
| Removed | any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Out of Scope | 21:40 |
| Removed | development configurations, plugins or images, such as the development or all-in-one docker containers, or running application in non-production modes and configurations | OTHER | Out of Scope | 21:40 |
| Removed | any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Out of Scope | 21:40 |
| Removed | libraries and protocols with known limitations and gems already in update maintenance (e.g., omniauth < 2 csrf protections, carrierwave) | OTHER | Out of Scope | 21:40 |
| Removed | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 21:40 |
| Removed | third parties such as security researchers already involved in active security audits, or already opened reports | OTHER | Out of Scope | 21:40 |
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | 00:33 |
| Added | any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Out of Scope | 00:33 |
| Added | development configurations, plugins or images, such as the development or all-in-one docker containers, or running application in non-production modes and configurations | OTHER | Out of Scope | 00:33 |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Out of Scope | 00:33 |
| Added | libraries and protocols with known limitations and gems already in update maintenance (e.g., omniauth < 2 csrf protections, carrierwave) | OTHER | Out of Scope | 00:33 |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | 00:33 |
| Added | third parties such as security researchers already involved in active security audits, or already opened reports | OTHER | Out of Scope | 00:33 |