• Points – $3,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Program stats

112 vulnerabilities rewarded

Validation within 4 days
75% of submissions are accepted or rejected within 4 days

$200 average payout (last 3 months)

Recently joined this program

951 total

Statuspage launched in 2013 to give companies a better way to be more transparent with their customers. We recognize managing a status page outside of one’s own infrastructure can be a hassle, and hope to increase the transparency of the web by making it easier to do so.

Before you begin, please read and understand the Standard Disclosure Terms.

Below is a list of some of the vulnerability classes that we are seeking reports for:

  • Server-side Remote Code Execution (RCE)
  • Server-Side Request Forgery (SSRF)
  • Stored/Reflected Cross-site Scripting (XSS)
  • Cross-site Request Forgery (CSRF)
  • SQL Injection (SQLi)
  • XML External Entity Attacks (XXE)
  • Access Control Vulnerabilities (Insecure Direct Object Reference issues, etc)
  • Path/Directory Traversal Issues

Ensure you review the out of scope and exclusions list for further details.

Accessing Statuspage

Please visit to identify yourself as a security researcher, this will give you a free account for a month. You'll need to create an account and log in to view this page.

Scope and rewards

Reward range

Last updated

Technical severity Reward range
p1 Critical Up to: $3,000
p2 Severe Up to: $900
p3 Moderate Up to: $300
p4 Low Up to: $100
P5 submissions do not receive any rewards for this program.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.