Currently, we don’t have a formal bounty program, but you are eligible to get a cash reward if:
- It’s a critical vulnerability affecting production systems (e.g., leaked secrets)
- You have not exploited and disclosed it publicly
- It has not been reported earlier
- The vulnerability is related to hashnode.com or the blogs on Hashnode, not any external services we use.
- It has not already been reported by another researcher.
It may take us at least 15 business days to send a fix. Critical vulnerabilities are patched pretty much immediately.
Guidelines
- Only test against your accounts and data (e.g., create test accounts). If you identify a vulnerability that may result in access to other users' data, please check with us before testing further.
- If you inadvertently access other users’ data in your testing, please let us know, and do not store any such user data.
- Do not perform testing that results in denial of service conditions or degradation of our production services.
- Social engineering is out of scope for this program; do not attempt to social-engineer our organization or our users.
What’s excluded: