Open-source vulnerability disclosure and bug bounty program database

Tools, data, and contact lists relevant to The disclose.io Project.

Misc bounty and vulndisc things

The First Open Source Bug Bounty Platform

Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations

Open-source vulnerability disclosure policy templates.

Vulnerability analysis and proof of concepts

A standard allowing organizations to nominate security contact points and policies via DNS TXT records.

A free, open-source, multi-lingual, template-based VDP policy, safe harbor clause, securitytxt, and DNS Security TXT generator.

A Python client for the Global CVE Allocation System.

Vultron is a protocol for Coordinated Vulnerability Disclosure

Content for the CERT Guide to Coordinated Vulnerability Disclosure

A collection of templates for generating vulnerability disclosure policies. (NOTE: As of 2024, these templates are now part of the CERT Guide to Coordinated Vulnerability Disclosure, see link in README.)

The Disclose.io Status best practice seal.

Exploit and report for CVE-2023-23396.

🍵 Specification for security commit messages

A curated list of Public Bug Bounty, Responsible Disclosure, Vulnerability Disclosure Programs sourced from Community & Internet.

Artifact for the paper "AI-related Vulnerabilities within CVEs: Are We Ready Yet? A Study of Vulnerability Disclosure in AI Products" accepted at AISec'25 co-located with ACM CCS

Security vulnerability research for AIxBlock bug bounty - Critical application stability issues identified and resolved

This repo documents a flaw where APNs delivered push notifications using a cached, expired token—despite failed token lookups and no app re-registration. Background daemons processed the message without an active app context, enabling covert push behavior and violating expected token lifecycle rules.