WebinarUnlocking growth outside the US - 24 July   Join us
Security disclosure

Hall of fame

On behalf of thousands of users and the entire team here at Paddle, we'd like to thank the security researchers who have participated in our vulnerability disclosure program and helped make our products and applications more secure.

Paddle handles customer authentication, ensures SOC compliant data protection, provides all necessary information on customer communications, and adheres to regional and international laws

Researcher

Vulnerability

Date

Foysal Ahmed

Subdomain takeover

January 2024

Parth Narula

Broken link hijacking

November 2023

Tanvir Ahmed

Rate limiting

October 2022

Sahaj Gautam

Session management

June 2022

Durvesh Kolhe

Inconsistent application of password policy

June 2022

Kunal Mhaske

Inconsistent application of password policy

May 2022

Samir Gondaliya

Content injection

May 2022

Info for researchers

Found a vulnerability?

You can learn more about our policy and submit a report at the links below.

Read the policy Submit a report