If you believe you have found a security vulnerability that could impact Urban Dictionary or its users, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. We ask that you follow our Vulnerability Disclosure Policy (this page) and HackerOne's Disclosure Guidelines and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.

Scope

The domains and apps listed on our program page are in scope.

Eligibility and Disclosure

In order for your submission to be eligible:

• You must agree to our Vulnerability Disclosure Policy (this page).

• You must be the first person to responsibly disclose an unknown issue.

All legitimate reports will be reviewed and assessed by Urban Dictionary's security team to determine if it is eligible.

Urban Dictionary's website and services are not intended for, or designed to attract, individuals under the age of 18. Reporters under the age of 18 will not be eligible to receive rewards.

Rewards

For each eligible vulnerability report, the reporter will receive recognition on our HackerOne Hall of Fame.

Exclusions

The following are out of scope for the vulnerability disclosure program.

• Clickjacking vulnerabilities

• Vulnerabilities where a successful exploit requires a man-in-the-middle setup or physical access to the user's machine

• Physical attacks against Urban Dictionary employees, offices, and data centers

• Social engineering of Urban Dictionary employees, contractors, vendors, or service providers

• Knowingly posting, transmitting, uploading, linking to, or sending any malware

• Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages

• Any vulnerability obtained through the compromise of an Urban Dictionary customer or employee account. If you need to test a vulnerability, please create a free account

Thanks

We look forward to hearing from you.