Participation Guidelines

Huntr is a vulnerability disclosure program for open source software that powers AI. We provide a platform to simplify the vulnerability disclosure process for security researchers and maintainers. We provide bounties to reward security researchers who find impactful and practical vulnerabilities in the open source AI ecosystem and to maintainers who fix them.

Maintainers are often solo developers or small teams of volunteers. Because of this, we have a responsibility to maintainers to avoid overwhelming them with low-quality reports and to respect their decisions when they do not feel that a vulnerability is impactful enough to warrant the issuance of a public CVE. The Huntr team reserves the right to overrule a maintainer’s choice not to issue a CVE if the report is deemed a significant security risk to a large number of users; however, we will generally respect a maintainer’s request on these matters. As a general guideline, reports without a clear real-world impact will be marked as informative by the Huntr team if the maintainer doesn’t participate in the triage of the report. A good question to ask yourself before submitting a report as a researcher: is this vulnerability likely to be exploited in the wild, and does it impact a significant percentage of the project’s users?

Scope

We accept reports for all targets listed on our Bounties page.

Out of Scope

We will typically reject reports if they are:

  • Non-code level (e.g. network or physical) vulnerabilities
  • Outdated dependencies in the target
    • Exception: report may be valid if the outdated dependency contains a vulnerability which is exploitable within the project
  • Vulnerabilities in test/demonstration code
  • Vulnerabilities that affect live systems such as websites
  • Related to secrets/private keys
  • Vulnerabilities where the proof of concept is shown against a third-party-hosted version of the project in scope
    • Only vulnerabilities demonstrated in self-hosted deployments from the Bounties page are in scope
  • Vulnerabilities in any service, product or repository owned or maintained by Protect AI, or any of its subsidiaries

To view Protect AI's vulnerability disclosure policies, please visit https://protectai.com/vulnerability-disclosure-policy

Validation Guidelines

To ensure the timely and appropriate review of your reports, we request that you:

  • Provide a proof of concept (PoC) that clearly demonstrates impact and that the vulnerability being reported is exploitable in real-world scenarios. High-quality PoCs, when applicable, include:
    • cURL requests
    • Metasploit modules
    • Python scripts
  • Be concise; longer reports are not necessarily better
  • Specify exactly how you deployed the project, such as any extra arguments used

Vulnerabilities Likely to be Marked Informational

The Huntr team will likely mark the issues below as informational unless maintainers specifically request validation.

  • Any security issues related to CI/CD
    • Example: GitHub Actions command injection
  • Any issues related to bad TLS certificates
  • Any issues related to payment bypasses or pricing plan bypasses that don't have security implications
  • Any security issues that first require paying for access to specific features in order to exploit
  • Local ReDoS issues that are not remotely exploitable
  • Blind or otherwise limited Server-Side Request Forgeries (SSRF)
  • Command injection in a locally-installed library which is not remotely exploitable
    • Exception: If the library is known to be commonly used as part of remotely accessible applications
  • HTML/Markdown injection in text fields
    • Exception: Cross-Site Scripting (XSS) attacks which trigger immediately
  • Lack of Rate Limiting
  • Session token expiry issues
  • Missing HTTP security headers
    • Examples: clickjacking, missing HttpOnly cookie flags, missing HSTS headers
  • Exceptions triggered in local libraries without networking components
  • Metadata not stripped from uploaded images
  • CSV injection
  • Self-XSS or XSS attacks which do not automatically trigger
  • Local libraries that allow Pickle files to be loaded
    • Exception: libraries with built-in networking components such as HTTP/API servers that allow remote users to upload Pickle files to achieve remote code execution

Life of a Report

1. Disclose

All vulnerability disclosures must go through our form. To be eligible for a bounty, your disclosure must go through our process, unless explicitly stated by one of the site admins.

When the security researcher submits their vulnerability report, we will acknowledge receipt of this disclosure by sending them an e-mail. The e-mail will be sent to the address linked to their registered account. This report is private by default, and only the reporter, contacted maintainers and site admins can view it.

2. Validate

Once a disclosure is submitted, the maintainer of the vulnerable codebase will be invited to validate or invalidate the vulnerability with the security researcher. If validated, the disclosing researcher will be awarded a bounty and a CVE will be assigned to the vulnerability (if applicable).

The Huntr team will manually validate/invalidate reports within a 45-day window if there is no maintainer response.

3. Patch

By default, maintainers are encouraged to patch the vulnerability themselves and notify us of the relevant patch commit SHA. A bounty will then be awarded to the maintainer who has patched the vulnerability. If needed, the reporting researcher is welcome to submit a patch through our platform as well.

To submit a fix, the researcher or maintainer will provide us with a repository and branch name, indicating where the patch exists. This will immediately notify the maintainer, who can review the submitted fix and ultimately decide if it patches the vulnerability. Once the maintainer confirms the upstream commit SHA for the patch, the related fixer will be awarded a bounty.

4. Publish

Reports (and any applicable CVE) are automatically queued for publication 90 days after being created. Maintainers may make reasonable requests for extension past this 90-day period.

You can find a list of our published vulnerabilities on our hacktivity page.

Payments

We pay bounties each month, typically on the 25th, via Stripe Connect. For the first month that you are due a payment, you will receive an email requesting you to create a Stripe Connect account. There you will need to provide your identity and payment information so that your account can be verified. Once your account is verified, you will receive an email confirming the details of your payout. In subsequent months, you will only receive an email confirming the details of your payout.

Stripe Connect supports payouts to most countries. You can see the full list of supported countries here. If your country is not in this list, we will not be able to process a payout to you, but instead can offer to donate your payout to charity.

Participation

By accessing and using our Website, you acknowledge and agree that you are subject to the following conditions:

Eligibility: By participating in our Bug Bounty Platform, you confirm that you are not a citizen or resident of any country where such participation is prohibited by applicable laws, decrees, regulations, treaties, or administrative acts.

Sanctions and Embargoes: You further confirm that you are not a citizen or resident of, or located in, a country or region that is subject to U.S. or other sovereign country sanctions or embargoes.

Restricted Entities: Additionally, you acknowledge that you are not an individual employed by or associated with an entity identified on the U.S. Department of Commerce's Denied Persons or Entity List, the U.S. Department of Treasury's Specially Designated Nationals or Blocked Persons Lists, or the Department of State's Debarred Parties List. You must also be eligible to receive items subject to U.S. export control laws and regulations or comply with other economic sanction rules of any sovereign nation.

Age Requirement: Our Website is not intended for use by children under the age of 13. If you have not reached the age of majority in your jurisdiction of primary residence and citizenship, you must obtain your parents' permission to use this Website.

Relevant Laws: You must abide by all relevant laws and respect a project's policies (e.g. Terms & Conditions, Security Policy), as defined on their GitHub/Website.

By accessing and using our Bug Bounty Platform, you agree to abide by these eligibility requirements. Failure to meet any of the specified criteria may result in disqualification from participation in the program. We appreciate your commitment to ensuring compliance with all relevant laws and regulations to promote a safe and responsible bug hunting environment.

We appreciate your understanding and compliance with these additional terms.

Contact

We do not accept vulnerability disclosures over e-mail, but we encourage security researchers to contact us if they require any support or help in the process. Our team can be contacted at support@huntr.com. We look to respond to support queries as soon as possible.