Reports

Submitting a Report

As a reporter, click "New Report" from your dashboard. Select the organization you are reporting to (if you belong to more than one), then fill in:

  • Title — a brief summary of the vulnerability.
  • Description — what the vulnerability is, with as much detail as possible. Markdown is supported.
  • Reproduction Steps — step-by-step instructions for reproducing the issue. Include URLs, parameters, tools used, and screenshots where helpful.
  • Impact (optional) — describe the potential consequences if the vulnerability were exploited.
  • Suggested Severity (optional) — your assessment of severity on a 1-5 scale.
  • Suggested CWE / OWASP (optional) — if you know the applicable weakness classification.

You can attach files (PDF, images, video) and embed images inline in Markdown fields by dragging them into the editor.

Each report has a tracking ID that you assign, so you can cross-reference it with your own records.

Report Lifecycle

Reports move through these statuses:

  • Open — newly submitted, awaiting review.
  • In Review — an organization member is actively reviewing the report.
  • Closed — the issue has been addressed.
  • Invalid — the report does not describe a valid vulnerability.
  • Duplicate — the issue was already reported.
  • Withdrawn — the reporter withdrew the report.
  • Accepted Risk — the organization acknowledges the issue but has chosen not to remediate it.
  • Informational — the report is noted but does not require action.

Messages

Both reporters and organization members can post messages on a report. Messages support threading (replies). You will receive a notification when a new message is posted on one of your reports.