Banner object (1)

Hack and Take the Cash !

844 bounties in database
  Back Link to program      
Algolia logo
Hall of Fame


100 $ 


Algolia is committed to working with security experts across the globe to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we'd welcome working with you. Please let us know about it and we'll make every effort to quickly correct the issue.

DO NOT use automated scanning tools


  • Website related endpoints on __
  • API related endpoints on or


Minimum reward is $100 for security vulnerabilities. The reward depends on the vulnerability severity and will be paid via HackerOne only. Every researcher with accepted vulnerability will be mentioned on __
Issues without security impact are not eligible for a bounty, yet still welcomed and will be treated like any other report.


  • You must be the first reporter of the vulnerability.
  • You follow
  • You do not access data of other users and solely use your created accounts.
  • You may not publicly disclose the vulnerability prior to our resolution.
  • You are not an individual on, or residing in any country on, any U.S. sanctions lists.
  • You provide a working proof of concept that exploits the security issue


  • Login/Logout CSRF
  • DDoS
  • Social engineering on customers or employees of Algolia
  • Self-XSS (we require evidence on how the XSS can be used to attack another Algolia user)
  • Miss of rate limits
  • Report from automated tools and scans
  • Vulnerabilities sending spam or unauthorised messages
  • Bugs in 3rd party software
  • X-Frame-Options related
  • Customer's sites
  • Relating to HSTS
  • Missing security headers which do not lead directly to a vulnerability
  • Physical attack on the infrastructure
  • Theoretical attacks
  • Breaking of SSL/TLS trust
  • Compromising of browser/device (ex. computer sharing, physical access to a user's device, ...)
  • Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
  • Password and account recovery policies, such as reset link expiration or password complexity
  • Vulnerabilities without solution on our side (HEIST, ...)
  • Outdated DNS record pointing to system which does not belong to Algolia

In Scope

Scope Type Scope Name





This program leverage 3 scopes, in 1 scopes categories.

FireBounty © 2015-2019

Legal notices