Banner object (1)

Hack and Take the Cash !

794 bounties in database
  Back Link to program      
Notepad++ logo
Hall of Fame



Disclosure Policy

  • Follow HackerOne's disclosure guidelines.
  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Please provide detailed reports with reproducible steps demonstrating a plausible exploitation scenario.
  • Multiple vulnerabilities caused by one underlying issue will be closed as a duplicate.
  • The project maintainers have final decision on which issues constitute security vulnerabilities. We will respect their decision, and we ask that you do as well.


While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of developers


The PoC must work on the master branch of plus/notepad-plus-plus __, or the latest build. Older builds are explicitly out of scope.


Vulnerabilities are to be evaluated given contemporary computer architectures.

The PoC must work on the respective repository trunk heads or the latest released version. Older builds are explicitly out of scope.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Bounties and rewards

Unfortunately, we cannot offer any financial rewards right now, as this project is open-source without any revenue. We hope that public credit listed on our thanks page and the feeling of having done good may be gratifying.

Thank you for helping keep Notepad++ and our users safe!

In Scope

Scope Type Scope Name

This program have been found on Hackerone on 2019-08-06.

FireBounty © 2015-2020

Legal notices