• $25 – $500 per vulnerability
  • Up to $500 maximum reward
  • Partial safe harbor
  • Managed by Bugcrowd

Program stats

173 vulnerabilities rewarded

Validation within about 14 hours
75% of submissions are accepted or rejected within about 14 hours

$190 average payout (last 3 months)

Latest hall of famers

Recently joined this program

978 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being proactive rather than reactive to emerging security issues is a fundamental belief at InVision. Every day new security issues and attack vectors are created. InVision strives to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world.

Scope and rewards

Reward range

Last updated

Technical severity Reward range
p1 Critical $350 - $500
p2 Severe $150 - $300
p3 Moderate $75 - $100
p4 Low $25 - $50
P5 submissions do not receive any rewards for this program.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.