Thanks for participating in our responsible disclosure program. Before beginning your research, we kindly request that you carefully review this program's terms and conditions. This will ensure that your efforts align with our objectives and that you receive the proper recognition for any findings that meet the program criteria. Valid and quality reports that meet the below criteria will be awarded with Weaviate swag, recognition on the HackerOne platform and listed on our Weaviate Security Hall of Fame.
Legal
Safe Harbour: Activities conducted in a manner consistent with these criteria will be considered authorised conduct, and we will not initiate legal action against you for breach of any applicable license conditions.
Individuals located in a country subject to a US or EU embargo or listed on any sanctioned persons list are not permitted to participate.
Do not publicly disclose issues or post Proofs of Concept until a fix has been confirmed by Weaviate.
Do not deliberately disrupt any Weaviate service or access any accounts or data other than your own.
All testing must be performed as good faith research, with the intent to disclose to Weaviate.
Scope
Only testing of in-scope products detailed here is allowed:
