Responsible Disclosure

At Mintlify, we care deeply about the safety and security of our customer's data. We greatly value inputs from our community that can help us detect vulnerabilities in our product and services.

How to report an issue

If you have discovered an issue or vulnerability that is in-scope (see below), please send an email to [email protected] with the following details.

A summary of the vulnerability and potential impact
Steps to reproduce the issue, including screenshots
Details of your environment including OS, browser, and device details
If possible, proof-of-concept code to exploit the vulnerability

Upon receiving your email, our team will conduct an investigation. We will update you on our progress, and may request further details if needed.

Of course, we will offer a reward efforts that depend on the severity of the vulnerability. A vulnerability with a CVSS score of 4 or higher and have been previously unidentified will be guaranteed financial compensation.

All other original reports will be considered, and the reward may range from being featured in our security page or financial compensation.

In scope

Out-of-scope

Automated scanning
Social engineering, particularly involving Mintlify employees
Brute force attacks
DDOS attacks
Clickjacking on pages with no sensitive actions
Theoretical attacks without proof of exploitability
Attacks requiring physical access to a victim’s device
Denial of service attacks

We kindly ask you

Test the vulnerability on your own account. If testing on another account, make sure to have requested explicit permission
Do not copy or destroy production data
Do not engage in activities that will cause downtime for our services
Avoid violations to our privacy policies, terms of service, and other data privacy regulation
Do not make the vulnerability public before reporting it to us via the procedures above, and giving us enough time to properly address the issue

Happy hacking 💚