Bug Bounty Programs

Uphold is a global digital financial platform that enables users to buy, sell, and trade a wide range of assets, including cryptocurrencies, traditional fiat currencies, and precious metals. Operating in 140+ countries and supporting 300+ assets, Uphold provides secure multi-asset trading, instant transactions, and enterprise financial solutions. As a blockchain business, trust and security are fundamental to our success. Our reputation and brand image depend on maintaining the highest security standards, which is why security is a top priority at Uphold. This bug bounty program is a key part of our commitment to proactively identifying and mitigating security risks before they can impact our users or financial systems. As a researcher, you will be analyzing Uphold’s web applications, APIs, and mobile platforms, which facilitate multi-asset trading, financial transactions, and account management. Your contributions will help protect user funds, ensure transaction integrity, and enhance authentication security in a highly regulated financial environment. Review the program scope, rules of engagement, and testing guidelines carefully before submitting a report. We reward well-documented, high-impact security findings that strengthen the safety of our platform and uphold the trust of our users.

Soundtrack Your Brand offers music streaming services for businesses. We serve small customers like the café around the corner or larger brands like McDonald’s. Through our service customers have total control over the music and can manage locations across the world. We provide a wide variety of playback options, from mobile apps to custom hardware, that our customers use to play music at their venues. They manage their account, music and locations via our web app.

Zen by Aikido is an embedded security engine for autonomously protecting applications against common web attacks, like shell injection and SQL injection. We do so by hooking into sinks, validating them together with the incoming user input and in case the request is malicious, we block the request. It's similar to a traditional WAF, but with the full context of the called code and the user's input.

Tomorrowland is one of the most-loved and best-known music festivals on the planet. Because of this Tomorrowland usually sells out in minutes and manages a large fanbase. Tomorrowland also innovates by providing its visitors cashless onsite payments and a wide range of online services. This has increased Tomorrowland's digital footprint. We value all help we can get securing this digital footprint.

Who is OVO? - We launched in 2009 with a belief that energy could be better. We’re helping UK homes on the Path to Zero. https://www.ovoenergy.com/about What do we do? - OVO is a leading energy technology company determined to create a world with clean, affordable energy for everyone. Relationship to bug bounty? - No technology is perfect and OVO believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.

SimScale is a browser-based, online engineering simulation platform that provides powerful modeling and simulation capabilities. With in-browser 3D visualization, scalable on-demand computing capacity, the SimScale platform enables a new way of using simulation technology. SimScale integrates a broad variety of simulation software tools for structural mechanics, fluid dynamics, and thermodynamics. The SimScale team and our partners are constantly expanding the features of the platform.

De Lijn is the Flemish public transportation company dedicated to giving their customers a comfortable and quick ride. Due the fact that we use the latest IT equipment and servers is our security ought to be at the top of our game. For this program we are putting the focus at our web clients, APIs and of course the mobile application.

"Digitaal Vlaanderen" is the IT and digital transformation departement within the Flanders’ governmental IT. Positioned as the digital gateway and data broker between all Flemish government entities, we want to be at the top of our game. Our security ought to be too. For this program we are focusing at first instance on some of our main assets.

Venly is a blockchain technology company providing developer-friendly solutions to help businesses seamlessly integrate Web3 capabilities into their applications. Our mission is to make blockchain accessible for everyone by offering secure, scalable, and easy-to-use tools for developers, enterprises, and end users. With a strong focus on user experience, security, and innovation, Venly delivers a suite of blockchain infrastructure solutions, including: * Venly Wallet – A secure, multi-chain digital wallet solution with a user-friendly UI and developer API for seamless blockchain asset management. * Venly NFT Tools – A complete NFT suite enabling brands and game developers to integrate digital collectibles effortlessly. * Venly Onboarding Solutions – Secure authentication and blockchain identity solutions that simplify Web3 adoption. Venly’s enterprise-grade security and compliance standards ensure businesses can safely leverage blockchain technology while maintaining top-level security and regulatory alignment. Our tools are trusted by global brands, gaming studios, and financial institutions to power next-generation decentralized applications. This program focuses primarily on Venly Wallet UI and Wallet API, which provide secure and accessible blockchain wallet solutions for businesses and users worldwide.

DataCamp’s mission is to democratize data skills for everyone. Companies and teams of every size use DataCamp to close their data skill gaps and make better data-driven decisions. Data science and analytics are rapidly shaping every aspect of our lives and our businesses. There is incredible power in data—but only if you know what to do with it. DataCamp teaches 1,600+ companies and 7 million individuals from 180+ countries the skills they need to work with data in the real world.

Grafana Labs is the company behind Grafana, Loki, Mimir and Tempo, the leading open source software for visualizing operational data. We are thrilled to invite you to participate in our bug bounty program in partnership with Grafana Labs' security team. Before beginning your research, we kindly request that you carefully review this program's scope. This will ensure that your efforts align with our objectives and that you receive proper compensation for any findings that meet the program's criteria. Happy hacking!

We're an independent, not-for-profit membership organisation that supports the infrastructure of the Internet through technical coordination in our service region. Our most prominent activity is to act as the Regional Internet Registry (RIR) providing global Internet resources and related services (IPv4, IPv6 and AS Number resources) to members in our service region.

Creators of hit computer game franchises Bloons, Bloons TD and SAS: Zombie Assault for mobile and web. We have offices in Auckland, New Zealand and Dundee, Scotland. We are excited to engage with the security community to help us keep our users safe and our services secure. This is our second Bug Bounty program after a successful campaign in 2021.

Welcome to Yahoo Yahoo is a global media and advertising company connecting people to their passions. With one of the largest online audiences in the world, Yahoo brings people closer to what they love — from finance and commerce, to gaming and news — with the trusted products, content, and tech that fuel their day. For partners, we provide a full-stack platform to amplify businesses and drive more meaningful connections across advertising, search, and media.

Ubisoft is a leading video game company, the creators of original and immersive worlds like Assassin's Creed, Far Cry, The Crew, Rainbow Six and Watch Dogs. We welcome the reporting of security vulnerabilities that would help us protect our players and assets.

Red Bull appreciates the work of security researchers to make the internet a better - and more secure - place. Even though we aim to prevent security issues by applying state-of-the art development and operations processes, systems and technical services outside our direct control might have vulnerabilities and weaknesses and we aim to identify and address those before any negative impact occurs. As appreciation we have a unique reward system in place, please see FAQ for more information.

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.

Intergamma is the biggest DIY retailer of The Netherlands and Belgium with three brands: GAMMA Nederland, GAMMA België, and KARWEI. We have almost 400 DIY stores and operate three eCommerce websites. Our strategy is to be the best omnichannel retailer of the Netherlands and Belgium. This means offline and online are converging, and eCommerce is a growth market. Therefore a secure platform is paramount. For more information on our organization please visit https://www.intergamma.nl/

Moralis is a blockchain technology platform providing developers with backend infrastructure for building and scaling decentralized applications (dapps). This page is a safe way for you to communicate found bugs in a responsible way. All contributions are highly appreciated.

Newpharma is the largest online pharmacy in Belgium. It was the first to dispense medicines over the internet without a prescription in Belgium. Newpharma also offers you a broad range of drugstore products: cosmetics, natural and well-being products and specialist products for babies, children or the elderly at low prices throughout the year. Important note: Please limit your automated tools to 1 request/sec. DDoS or brute force attacks are strictly forbidden!

Welcome to the Monzo public bug bounty program! 🚀 At Monzo we aim to create a banking service that makes our customers financial lives better and easier. Our mantra is “make money work for everyone” and we mean it! 👍 We have created several apps to provide intuitive, helpful, and enjoyable experiences across our range of products 💖. We won’t sacrifice security though! So if you find a security bug in one of our apps or services, this is the place to report it! Happy hunting!

Sqills provides the leading inventory, reservation, and ticketing system for the bus and rail industry – S3 Passenger. At Sqills we are on a constant journey of innovation, discovery and global market leadership. Our corporate website provides general information about Sqills.

Welcome! WP Engine invites you to evaluate our products and platforms. WP Engine equips its customers with a suite of agility, performance, intelligence, and integration solutions, so you can build and deploy a range of online experiences from campaign sites to content hubs to e-commerce extensions. Good luck and happy hunting!

Oda.com and Mathem.se is the leading online grocery storesin Norway and Sweden.