Private Packagist Bug Bounty Program

Private Packagist encourages users and independent security researchers to report detected security vulnerabilities. We appreciate the work of independent security researchers who review and test our service for security vulnerabilities because it makes Private Packagist more secure. We offer a bug bounty for the report of reproducible and unreported security vulnerabilities.

The amount of the bounty depends on the severity of the vulnerability as determined by Private Packagist and there is no guaranteed right to payment of a bounty.

Recommended Blogs

Account Takeover - Smoking with 'null'

Jerry Shah

•

Feb 25, 2021

My First Bug Bounty - How I Earned $1,000 With One Simple Step

Kailasv

•

Oct 2, 2025

How I Found a Critical Password Reset Bug in the BB program(and Got $4,000)

Imran Hossain

•

Oct 8, 2025