We understand that your code, applications, and user data hosted on Replit are very important, so we take seriously our responsibility to safeguard them. After all, we use Replit to build our business too!
Being a small startup with limited resources, we unfortunately can't run a bug bounty program. However, if you report a vulnerability responsibly, we'll work with you to fix the issue. We'll also credit you on our blog.
Pursuant to our terms of service, you should not take any actions that interfere with or disrupt the service. If you are in doubt, and think there might be a risk of service disruption, then don't try to verify the bug yourself – email us and we'll work with you to verify it.
Email [email protected] with a description of the issue and we'll respond as soon as possible.