If you have found a security issue, and it's not already known, then please send a report to [click to see email address].


We will investigate legitimate reports and make every effort to quickly resolve any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you provided you make a good faith effort to avoid causing harm to us, our users, and anyone else. This includes avoiding privacy violations, destruction of data, and interruption or degradation of services.


The following test types are excluded from the scope:

The following issue types are excluded from scope:

We encourage hackers to read Web Hacking 101 and Breaking into Information Security: Learning the Ropes 101 to get a good idea of the type of issues that we are looking for.

We may modify the above guidelines at any time. Last update: January 18, 2018.

Hall of Fame

Thanks to the following researchers (most recent first) for having reported security issues to us via email:

  1. EdOverflowhttps://github.com/liberapay/liberapay.com/pull/467

Thanks to all hackers who have disclosed security issues to Gratipay on Hackerone, some of which also applied to Liberapay.

Thanks to the following people (most recent first) for having alerted Gratipay about security issues through other means:

  1. Sergey Bobrovhttps://github.com/gratipay/security-flh0cu/issues/1
  2. BALAJI P Rhttps://github.com/gratipay/security-2a443f/issues/1
  3. BALAJI P Rhttps://github.com/gratipay/security-f4b75c/issues/1
  4. benhc123https://github.com/gratipay/gratipay.com/issues/2978
  5. Drew Callahanhttps://github.com/gratipay/security-00001/issues/1
  6. Nitin Goplanihttps://github.com/gratipay/gratipay.com/issues/2235
  7. danishtariqhttps://github.com/gratipay/gratipay.com/issues/1536
  8. kudu adamziajahttps://github.com/gratipay/gratipay.com/issues/1460
  9. @Brkay_Aydinhttps://twitter.com/Brkay_Aydin/status/377611459942817792
  10. greggleshttps://github.com/gratipay/gratipay.com/commit/addbbda0eab0efa2d45272c99e689f7
  11. @kamilsevihttps://github.com/gratipay/gratipay.com/issues/1042
  12. dstuffthttps://twitter.com/dstufft/status/319607503061131266
  13. wilkie & buttscicleshttps://github.com/gratipay/gratipay.com/issues/722
  14. d0ugal, jacobian & spookylukeyhttps://github.com/gratipay/gratipay.com/issues/88