• $25 – $500 per vulnerability
  • Up to $500 maximum reward
  • Partial safe harbor

Program stats

  • Vulnerabilities rewarded 182
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days

Latest hall of famers

Recently joined this program

1103 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being proactive rather than reactive to emerging security issues is a fundamental belief at InVision. Every day new security issues and attack vectors are created. InVision strives to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world.

We update the application as often as weekly, so please check back for new functionality!

  • Review our Release Notes for more information but please note this may not be comprehensive of all changes that impact your research as it is written for customers.

InVision also believes in providing an Open Scope for the researcher community

  • Our highest rewards can be found on the InVision V7 Program
  • Regarding Out-of-Scope We will deduct points for research on our sites that customers interact with, outlined in OOS, as we ask that you limit your research to the sites listed below.
  • Findings outside of the scope will be reviewed for impact but determination of rewards, points based or monetary, will be at the discretion of the InVision team.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.