CodeRaptor
Security Program

Responsible Disclosure Program

We value the security research community. Help us keep CodeRaptor secure by reporting vulnerabilities responsibly.

Report a Vulnerability

Our Commitment to Researchers

Fast Response

We acknowledge all reports within 24 hours and provide regular updates throughout the remediation process.

Safe Harbor

We will not pursue legal action against researchers who follow these guidelines and act in good faith.

Recognition

Researchers who report valid vulnerabilities will be credited in our Hall of Fame (if desired).

Transparency

We'll keep you informed of the fix timeline and notify you when the issue is resolved.

How to Report a Vulnerability

Email: [email protected]

Please include the following information in your report:

  • Description of the vulnerability and its potential impact
  • Step-by-step instructions to reproduce the issue
  • Affected components or endpoints
  • Any proof-of-concept code or screenshots
  • Your preferred contact information
  • Whether you would like to be credited in our Hall of Fame

PGP Encryption Available: For sensitive reports, you can encrypt your message using our PGP key available at coderaptor.ai/.well-known/security.txt

Scope

In Scope

  • app.coderaptor.ai and subdomains
  • coderaptor.ai website
  • CodeRaptor GitHub App
  • API endpoints (api.coderaptor.ai)
  • Authentication and authorization flaws
  • Data exposure vulnerabilities
  • Cross-site scripting (XSS)
  • SQL injection and other injection attacks
  • Remote code execution
  • Business logic vulnerabilities

Out of Scope

  • Denial of service (DoS/DDoS) attacks
  • Social engineering attacks
  • Physical security attacks
  • Third-party services we don't control
  • Spam or email phishing
  • Clickjacking on static pages
  • Missing security headers without impact
  • SSL/TLS best practice issues
  • Rate limiting issues without impact
  • Already known vulnerabilities

Response Timeline

Within 24 hours: We acknowledge receipt of your report
Within 72 hours: We provide an initial assessment and severity rating
Within 7 days: We develop and test a fix for critical issues
Within 30 days: We aim to resolve most vulnerabilities
Within 90 days: Complex issues requiring significant changes

Researcher Guidelines

To qualify for our safe harbor protections, please follow these guidelines:

  • Do not access, modify, or delete data belonging to other users
  • Do not perform actions that could harm our users or systems
  • Do not disclose the vulnerability publicly before we fix it
  • Do not exploit the vulnerability beyond what is necessary for a proof-of-concept
  • Provide us reasonable time to remediate before disclosure
  • Act in good faith to avoid privacy violations and service disruption

Ready to Report?

Thank you for helping keep CodeRaptor and our users secure.

[email protected]