Mailgun
- $100 – $1,500 per vulnerability
Program stats
52 vulnerabilities rewarded
Validation within
8 days
75% of submissions are accepted or rejected within
8 days
$450 average payout (last 3 months)
Latest hall of famers
Recently joined this program
Disclosure
Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.
Mailgun empowers developers by allowing them to easily integrate email into their applications. With our powerful API, users can build apps that send, receive, and track emails in real time using a combination of standard protocols. We work hard to keep Mailgun high performing and secure for our user community. Help us make our products even better and earn rewards by reporting potential vulnerabilities.
Rewards
This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.
Reward Range
Last updated| Technical severity | Reward range |
|---|---|
| p1 Critical | $1,000 - $1,500 |
| p2 Severe | $600 - $1,000 |
| p3 Moderate | $200 - $600 |
| p4 Low | $100 - $200 |
Targets
In scope
| Target name | Type |
|---|---|
https://app.mailgun.com
|
Website |
https://signup.mailgun.com
|
Website |
https://api.mailgun.net
|
API |
Out of scope
| Target name | Type |
|---|---|
https://www.mailgun.com/
|
Website |
https://documentation.mailgun.com
|
Website |
Any domain/property of Mailgun not listed in the targets section is out of scope. This includes any/all subdomains not listed above.
Access
For testing purposes, you're free to create your own accounts to do so, please sign up at https://signup.mailgun.com/new/signup with your @bugcrowdninja.com ('username'@bugcrowdninja.com) email address (for more information regarding your @bugcrowdninja email, please see this doc: https://researcherdocs.bugcrowd.com/docs/your-bugcrowdninja-email-address).
Focus Areas
- API used by Mailgun: Documentation
- The Mailgun Application: User Manual
Program rules
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.