# Reporting a vulnerability

Sourcegraph's public bug bounty scheme is closed as of the 31st of March 2022.
We are currently operating an invite-only HackerOne bug bounty program instead.
If you have found a high or critical severity vulnerability in one of our
products, please reach out to security@sourcegraph.com and we will assess whether
the severity of the reported issue merits an invite to the program. Please note
that a report to this email address is no longer considered a submission to the
bounty scheme in itself.


<section class="h0Wrapper headingWrapper"><section class="h1Wrapper headingWrapper"><h1 id="reporting-a-vulnerability"><a class="anchor" aria-hidden tabindex="-1" href="#reporting-a-vulnerability"><span class="icon icon-link"></span></a>Reporting a vulnerability</h1>
<p>Sourcegraph’s public bug bounty scheme is closed as of the 31st of March 2022.
We are currently operating an invite-only HackerOne bug bounty program instead.
If you have found a high or critical severity vulnerability in one of our
products, please reach out to <a href="mailto:security@sourcegraph.com">security@sourcegraph.com</a> and we will assess whether
the severity of the reported issue merits an invite to the program. Please note
that a report to this email address is no longer considered a submission to the
bounty scheme in itself.</p></section></section>