Private Packagist Bug Bounty Program

Private Packagist encourages users and independent security researchers to report detected security vulnerabilities. We appreciate the work of independent security researchers who review and test our service for security vulnerabilities because it makes Private Packagist more secure. We offer a bug bounty for the report of reproducible and unreported security vulnerabilities.

The amount of the bounty depends on the severity of the vulnerability as determined by Private Packagist and there is no guaranteed right to payment of a bounty.

Recommended Blogs

How I turned Self XSS to Stored via CSRF

Abhishek

•

Nov 29, 2019

Duplicate Registration - The Twinning Twins

Jerry Shah

•

Feb 8, 2021

Social Engineering - A 50 Euro Bug

Jerry Shah

•

Jun 22, 2022