Bug Bounty Program

Help us keep Bleu.js secure by reporting security vulnerabilities and earning rewards.

Program Overview

Our bug bounty program rewards security researchers who responsibly disclose vulnerabilities in Bleu.js. We believe in working with the security community to identify and fix security issues before they can be exploited.

Rewards

Earn up to $10,000 for critical vulnerabilities; rewards for other severities range from $100 to $5,000.

Scope

All Bleu.js applications, APIs, and infrastructure are in scope for security testing.

Reward Tiers

Critical: $5,000 - $10,000

Remote code execution, authentication bypass, data breaches, or other severe vulnerabilities that could compromise user data or system integrity.

High: $1,000 - $5,000

SQL injection, XSS, CSRF, privilege escalation, or other vulnerabilities that could lead to unauthorized access or data manipulation.

Medium: $500 - $1,000

Information disclosure, improper access controls, or other vulnerabilities that could expose sensitive information.

Low: $100 - $500

Minor security issues, best practice violations, or other vulnerabilities with limited impact.

In Scope

Web Applications

  • bleujs.org and all subdomains
  • API endpoints and authentication systems
  • User dashboard and account management
  • Payment processing systems

Infrastructure

  • Cloud infrastructure and services
  • Database systems and data storage
  • Network security and access controls
  • Third-party integrations

Mobile Applications

  • iOS and Android applications
  • API communication and data handling
  • Local storage and caching

Out of Scope

  • Social engineering attacks
  • Physical security testing
  • Denial of service (DoS) attacks
  • Third-party services not owned by Bleu.js
  • Vulnerabilities in outdated software versions
  • UI/UX issues that don't have security implications
  • Spam or phishing attempts

Reporting Guidelines

How to Report

  1. Email your report to [email protected]
  2. Include a detailed description of the vulnerability
  3. Provide proof-of-concept code or screenshots
  4. Explain the potential impact and exploitation scenario
  5. Suggest remediation steps if possible

Required Information

  • Vulnerability type and severity
  • Affected systems or components
  • Steps to reproduce the issue
  • Impact assessment
  • Your contact information

Response Timeline

Initial Response

Within 24 hours of receiving your report

Assessment

Within 7 days for vulnerability assessment

Resolution

Within 30 days for critical issues

Terms and Conditions

  • You must not access or modify other users' data
  • You must not perform any actions that could disrupt our services
  • You must not publicly disclose vulnerabilities before we've had time to fix them
  • You must comply with all applicable laws and regulations
  • We reserve the right to modify or terminate the program at any time
  • Rewards are at our sole discretion and may vary based on quality and impact

Hall of Fame

We recognize and thank security researchers who have helped improve our security:

Our Hall of Fame will be updated as researchers contribute to our security program. We're grateful for all responsible disclosures that help keep our community safe.
