Banner object (1)

Hack and Take the Cash !

844 bounties in database
  Back Link to program      
GNU Wget logo
Hall of Fame


GNU Wget

Program Rules

GNU Wget / Wget2 uses BountyGraph to reward security researchers for finding vulnerabilities. You can access our development pages at Wget or Wget2.


We are most interested in the following classes of vulnerability

  • Remote code execution (RCE)
  • Privacy leaks to remote servers
  • Local file/data corruption from remote
  • Denial of service e.g. by triggering endless loops or crashing Wget from remote


The following is considered out of scope and will not receive a bounty

  • Please report any issues with our hosting service (Savannah) as described at Savannah-Contact.
  • Social engineering (including phishing) or physical attacks
  • Automated vulnerability scanner output
  • Anything without a working reproducer
  • All kinds of undefined behavior, except it matches one of the classes in scope (see above)

GNU Wget project maintainers will determine whether a reported issue is considered a security vulnerability and give it a security rating of Low, Moderate, High, or Critical based on its ease of exploitation, resulting attacker control, and commonality of required configuration.

The BountyGraph Panel will have final say on the amount paid out for the vulnerability, but will base this decision on GNU Wget’s final assessment of the bug.

Only commonly used versions of GNU Wget are eligible for bounty submissions and only if the issue isn't already fixed in the latest source codes. So please ensure your exploit is still present in recent versions (better: latest sources from master branch) when you submit your bounty.

Please remember that not all submissions will qualify for a bounty. Generally only the first valid report of a particular bug will be accepted, and the final decision of the bounty reward is at the discretion of the Panel.

BountyGraph Payout Policy

Bounties are paid to hackers and project maintainers at the discretion of the funding organizations and the BountyGraph team. To be eligible for a bounty, each submission must meet BountyGraph's report guidelines.

FireBounty © 2015-2019

Legal notices