WhatRuns Bug Bounty Program

We love software security researchers. They engage with internet companies to find and fix vulnerabilities that otherwise would have gone unnoticed.

WhatRuns is proud to introduce a bug bounty program to reward researchers for their efforts in finding out vulnerabilities in our product.

WhatRuns is not affiliated with or endorse the technology companies we list on our website or extension.


  • The bug must not have been previously reported.
  • You must inform us before publishing the vulnerability elsewhere, and provide us with enough time to fix the issue.
  • You must not try to exploit or steal information from WhatRuns or its users.


Rewards range from $100 up to $5000 and are determined at our discretion based on numerous factors.

How to Submit a Vulnerability

To claim the bounty, please send an email to [email protected] with sufficient information regarding the vulnerability and your thoughts on how to fix it. We will then notify our developers and respond to your email within seven days. The bounty is paid as soon as we confirm that the vulnerability exists.

The bounty is paid via Paypal. You can choose to donate the amount to a charity of your choice.

Happy bug hunting!