20180 policies in database
Link to program      
Zola VDP logo

Zola VDP

Zola recognizes the importance of security, privacy, and community. We value the input of the security community and welcome the opportunity to collaborate with community members to maintain a high standard for our users and to create a more secure Internet.

We take security issues seriously. If you believe you've identified a vulnerability within our products, we would like to know about it. We'll investigate all submissions and do our best to fix issues. Thank you for taking an interest in making the Internet safer!


For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified, in Zola’s sole but reasonable discretion, due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Certain vulnerabilities may exist on multiple endpoints within the same entity and may be considered as duplicates of each other. It is still recommended that you report them, as the team will investigate to see if they are unique. However, please note that subsequent submissions may be marked as Not Applicable to prevent points farming. An example would be create/read/update/delete endpoints for the same entity with IDOR vulnerability.


Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.

In Scope

Scope Type Scope Name

Zola Android App


Zola iOS App



This program have been found on Bugcrowd on 2021-09-28.

FireBounty © 2015-2021

Legal notices