Hack Me!


Demo only: Do not submit actual vulnerabilities to this program

  • $150 – $2,500 per vulnerability
  • Partial safe harbor

Program stats

127 vulnerabilities rewarded

Validation within about 2 months
75% of submissions are accepted or rejected within about 2 months

$366.66 average payout (last 3 months)

Latest hall of famers

Recently joined this program

1986 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Use this program for testing the Bugcrowd platform: submit whatever you like without penalty. Try to break it or tell us a story.

Submissions to this program will not be rewarded and will not earn points.

This program is not monitored by Bugcrowd staff. If you believe have a found legitimate vulnerability in the Bugcrowd platform, please submit it to our bug bounty program.

Reward range

Last updated

Technical severity Reward range
p1 Critical $2,100 - $2,500
p2 Severe $1,000 - $1,250
p3 Moderate $450 - $600
p4 Low $150 - $200
P5 submissions do not receive any rewards for this program.


In scope

Target name Type
Testing the Bugcrowd platform Other
*.bugcrowd.com Website
All IT-Managed Third-Party Services and Infrastructure Other

Out of scope

Target name Type
www.bugcrowd.com Website
docs.bugcrowd.com Website

Embedded Submission Form

This program features an embedded submission form. This form is an integration with Bugcrowd that customers can host on their own website to take in submissions (via an iframe), and we encourage you to test it.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.