Shipt Program Statistics

7 total issues disclosed

$2,500 total paid publicly

Most disclosed (2 disclosures) — None supplied

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| bypass the [OKTA] login redirect can lead to disclosing limited-information about the sub-domain at [ ] | Violation of Secure Design Principles | tester1231233 | Low | 2020-09-10 |
| Slack token leaking in stackoverflow and devtimes | Cleartext Storage of Sensitive Information | streaak | Medium | 2019-08-29 |
| Multiple Subdomain Takeovers:,, | Reliance on Reverse DNS Resolution for a Security-Critical Action | mubassirpatel | Medium | 2019-06-17 |
| Any user can completely delete their own account without authorization and/or going through any kind of membership cancellation protocol. | Improper Access Control - Generic | s3cur3 | Low | 2018-09-12 |
| Subdomain takeover at | None supplied | plenum | Medium | 2018-08-16 |
| Open redirect on marketing site | Open Redirect | robd4k | None | 2018-08-07 |
| Subdomain Takeover at | None supplied | m7mdharoun | High | 2018-08-02 |