As contributors to open source and to the IT community in general, we value the work of independent security researchers.

If you’re good enough to spot a vulnerability in our site, we’d love to know about it. We’ll reward anyone who reports a critical vulnerability for the first time.

Just follow the guideline below to ensure that you qualify for a reward and that you don’t violate our Terms and Conditions.

If an unauthorised transaction was made on your payment card, please contact the issuing bank and the police to notify them about the suspicious activity.

Reporting vulnerabilities

  • To send us an email, please check our security.txt file.
  • Encrypt all sensitive information using our
    PGP Key
    Click this link to copy the PGP key.
  • Provide full details of the vulnerability so that we can easily reproduce it.
  • Avoid disrupting or degrading our services in any way. Given the nature of our business, denial-of-service attacks are not welcome at all.
  • Don’t copy, delete, access, or change any data that doesn’t belong to you.
  • Don’t publicise any details of the vulnerability until we’ve had a chance to fix it.
We’ll try to get back to you within 2 working days.