Security: modslides/.github

SECURITY.md

Security Policy

Supported versions

Only the latest version of any website, software, or API is supported.

Reporting a vulnerability

Security vulnerabilities must not be made public. Instead, they must be privately reported to one of the Modslides maintainers:

Your report will be reviewed within 7 days, and we will send a follow-up email to the address in the reply-to field of your original email. If a reply-to field is not present, we will follow up at the email address you used to send the email.

We advise providing a backup email address in case you cannot access your primary email address, along with your Modslides username if applicable.

If we follow up on your report and you do not reply within 14 days, your report will automatically be discarded. You will receive a notification about this and you will need to create another report if you wish to continue.

⚠️ Warning
For security reasons, we do not accept email address domains that have one of the following TLDs (top-level domains):

.tk .ml .ga .cf .gq

Out of scope vulnerabilities

  • Brute force attacks (e.g. guessing passwords)
  • DoS or DDoS attacks
  • Timing attacks
  • Self-exploitation (e.g. self-XSS)
  • Services not fully controlled by Modslides
  • Social engineering or phishing

Where possible, please also report vulnerabilities if the root cause is from another source, such as an npm package.

All other security vulnerabilities are in-scope and allowed to be tested, to a certain extent.

Our approach

  • Modslides will not take any legal action against users who disclose vulnerabilities in accordance with our guidelines, stated below
  • Security vulnerabilities take priority over other issues, such as regular bugs
  • Only Modslides maintainers will be notified of security vulnerabilities

Guidelines

  • You must not test out-of-scope vulnerabilities
  • You must not disclose vulnerabilities to anyone else until you receive proper instructions from Modslides maintainers
  • You may only test on Modslides accounts you directly own
  • Testing must not affect other users, positively or negatively
  • If you think testing may involve permanent or hard-to-recover damage, please do not test further and report the vulnerability

Acceptance rewards

All other rewards, regardless of whether they are given by a Modslides maintainer, are unofficial and personal.
