Nord Security Program Statistics
7 total issues disclosed
$1,100 total paid publicly
Most disclosed (1 disclosure) — OS Command Injection
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Stored XSS at nordvpn.com | Cross-site Scripting (XSS) - Stored | thiagomarques | Medium | 2023-10-12 |
| Email verification bypass for manual connection setup using service credentials | None supplied | yozzo_ | Medium | 2023-09-22 |
| Subscription check bypass of NordVPN service | Improper Authorization | tlsh1 | High | 2023-07-17 |
| NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation | Privilege Escalation | bashketchum | Medium | 2022-08-24 |
| CSRF to change password | Cross-Site Request Forgery (CSRF) | paramdham | Critical | 2022-01-12 |
| Possible RCE through Windows Custom Protocol on Windows client | OS Command Injection | cyku | Medium | 2021-01-25 |
| Password Reset Link Leaked In Refer Header In Request To Third Party Sites | Cleartext Transmission of Sensitive Information | th3pr0xyb0y | Low | 2020-10-06 |