Bug Bounty Program

Help us keep Reviews.ml secure. Find bugs, report them responsibly, and earn rewards.

Report a Vulnerability

Reward Tiers

Critical
$5,000 - $10,000

Remote code execution, database access

High
$1,000 - $5,000

Authentication bypass, significant data exposure

Medium
$250 - $1,000

XSS, CSRF with impact

Low
$50 - $250

Minor information disclosure

In Scope
Types of vulnerabilities we reward
  • Authentication and authorization flaws
  • Data exposure vulnerabilities
  • Cross-site scripting (XSS)
  • SQL injection
  • Server-side request forgery (SSRF)
  • Remote code execution
  • Business logic flaws
Out of Scope
Issues not eligible for rewards
  • Denial of service (DoS) attacks
  • Social engineering
  • Physical security issues
  • Issues requiring unlikely user interaction
  • Outdated browsers or plugins
  • Content injection without security impact

Program Rules

  • Do not access, modify, or delete data that does not belong to you
  • Do not perform actions that could harm the availability of our services
  • Report vulnerabilities promptly and do not disclose publicly until fixed
  • Provide sufficient detail for us to reproduce and fix the issue
  • One vulnerability per report (unless chained for impact)
  • First reporter of a valid vulnerability receives the reward

Found a Vulnerability?

Please report it to our security team. We appreciate your help!

security@reviews.ml