As contributors to open source and to the IT community in general, we value the work of independent security researchers.

If you’re good enough to spot a vulnerability on our site, we’d love to know about it. We’ll reward anyone who reports a critical vulnerability for the first time.

Just follow the guideline below to ensure that you qualify for a reward and don’t violate our Terms and Conditions.

Reporting vulnerabilities

  • To send us an email, please check our security.txt file.
  • Encrypt all sensitive information using our
    PGP Key
    Click this link to copy the PGP key.
  • Provide full details of the vulnerability so that we can quickly reproduce it.
  • Avoid disrupting or degrading our services in any way. Given the nature of our business, denial-of-service attacks are not welcome at all.
  • Don’t copy, delete, access, or change any data that doesn’t belong to you.
  • Don’t publicize any details of the vulnerability until we’ve had a chance to fix it.
We’ll try to get back to you within two working days.

Reporting fraud

If an unauthorized transaction was made on your payment card, please contact the issuing bank and the police to notify them about the suspicious activity.
If you need any more assistance, check our Help center.