Pinterest is a place to discover ideas for all your projects and interests, hand-picked by people like you. We take our security very seriously and welcome any responsible disclosure of potential gaps in our systems.
This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization of findings.
Please note: Reward caps are strict and non-negotiable.
Last updated 18 Sep 2019 20:38:33 UTC
Technical severity | Reward range
P1 Critical | Up to: $15,001
P2 Severe | $1,800 - $2,400
P3 Moderate | $600 - $1,000
P4 Low | Up to: $200
P5 submissions do not receive any rewards for this program.
Target name | Type
Pinterest iOS Mobile Application | Other
Pinterest Android Mobile Application | Other
Pinterest Buyable Pins / eCommerce features | Other
Edge extension (download at: ms-windows-store://pdp/?productid=9nblggh4v89b) | Other
Chrome extension (download at: chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en) | Other
Safari extension (download at: assets.pinterest.com/ext/Pinterest-Safari.safariextz) | Other
Firefox extension (download at: assets.pinterest.com/ext/Pinterest_Firefox.xpi) | Other
Open source projects listed at github.com/pinterest/ | Other
*.pinterest.com | Website
Vulnerabilities reported on other Pinterest properties or applications not listed as 'In scope' are currently not eligible for monetary rewards (as they come into scope, they will be added to this section). However, they are still eligible for our Hall of Fame.
After being rewarded and patched, certain vulnerabilities on our Android mobile app may qualify for an additional bounty through the Google Play Security Rewards Program. To see which apps and vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program's Scope and Vulnerability Criteria [https://hackerone.com/googleplay].
Focus Areas: These issues are of particular interest and will be considered for top rewards:
We are pleased to thank every researcher who submits valid reports that help us improve the security of Pinterest. However, only those that meet the following eligibility requirements may receive a reward:
As a condition of participation in this program, you hereby grant Pinterest, its affiliates and customers a perpetual, irrevocable, worldwide, royalty-free, transferable, sub-licensable (through multiple tiers) and non-exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create a derivative work from, make, use, sell, offer for sale and import the Submission, as well as any materials submitted to Pinterest in connection therewith, for any purpose.
As well, this program is not an offer of employment, nor of a contractual relationship between Pinterest and any other party. You are also responsible for any applicable taxes associated with any reward you receive. We may modify the terms of this program or terminate this program at any time. We will not apply changes to this program retroactively.
When conducting vulnerability research according to this policy, we consider this research to be:
Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy;
Lawful, helpful to the overall security of the Internet, and conducted in good faith.
You are expected, as always, to comply with all applicable laws.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our official channels before going any further.
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
This program was crawled on 2015-06-30 and is sorted as bounty.