Canva
Top 1K siteBounty Partial Safe Harbor
Up to USD $15,000
Program Details
- Managed
- Yes
- Allows Disclosure
- No
Scope (18 targets)
web: 9 mobile: 2 api: 1 other: 6 In Scope
- www.canva.com web bounty-eligible
- Canva Developer Portal web bounty-eligible
- Apps SDK Sandboxing other bounty-eligible
- api.canva.com api bounty-eligible
- *.canva.com web bounty-eligible
- *.canva-apps.com web bounty-eligible
- *.canva.tech web bounty-eligible
- Canva for ChatGPT web bounty-eligible
- Canva for Slack web bounty-eligible
- Canva Desktop (macOS / Windows) other bounty-eligible
- Canva (iOS) mobile bounty-eligible
- Canva (Android) mobile bounty-eligible
- Canva (Chrome Extension) other bounty-eligible
- *.canva.cn web bounty-eligible
- *.canva-apps.cn web bounty-eligible
- Leaked Credentials and Secrets (Canva Employee/Contractor) other bounty-eligible
- Leaked Credentials and Secrets (Canva User) other bounty-eligible
- 3rd-Party Provider Vulnerability other bounty-eligible
Security
- security.txt
- https://www.canva.com/.well-known/security.txt
security.txt
- Contact
- https://canva.com/security/bug-bounty, https://www.canva.com/help/describe-your-issue
- Policy
- https://trust.canva.com
- Hiring
- https://www.canva.com/careers/jobs/?specialty=security
- Acknowledgments
- https://bugcrowd.com/engagements/canva/hall_of_fames
- Languages
- en
Additional Info
- Hiring
- Actively hiring security researchers