Zola VDP

  • Safe harbor
  • Managed by Bugcrowd

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

9 vulnerabilities accepted

Validation within 3 days
75% of submissions are accepted or rejected within 3 days

Latest hall of famers

Recently joined this program

Zola recognizes the importance of security, privacy, and community. We value the input of the security community and welcome the opportunity to collaborate with community members to maintain a high standard for our users and to create a more secure Internet.

We take security issues seriously. If you believe you've identified a vulnerability within our products, we would like to know about it. We'll investigate all submissions and do our best to fix issues. Thank you for taking an interest in making the Internet safer!


For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified, in Zola’s sole but reasonable discretion, due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Certain vulnerabilities may exist on multiple endpoints within the same entity and may be considered as duplicates of each other. It is still recommended that you report them, as the team will investigate to see if they are unique. However, please note that subsequent submissions may be marked as Not Applicable to prevent points farming. An example would be create/read/update/delete endpoints for the same entity with IDOR vulnerability.


Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.