Hall of fame

On behalf of thousands of users and the entire team here at Paddle, we'd like to thank the security researchers who have participated in our vulnerability disclosure program and helped make our products and applications more secure.

Paddle handles customer authentication, ensures SOC compliant data protection, provides all necessary information on customer communications, and adheres to regional and international laws

Researcher	Vulnerability	Date
Freddie Leeman	Encryption key referenced in security.txt expired	January 2025
Michal Biesiada	Content injection	October 2024
Foysal Ahmed	Subdomain takeover	January 2024
Parth Narula	Broken link hijacking	November 2023
Tanvir Ahmed	Rate limiting	October 2022
Sahaj Gautam	Session management	June 2022
Durvesh Kolhe	Inconsistent application of password policy	June 2022
Kunal Mhaske	Inconsistent application of password policy	May 2022
Samir Gondaliya	Content injection	May 2022

Info for researchers

Found a vulnerability?

You can learn more about our policy and submit a report at the links below.

Read the policy Submit a report

Billing

Billing

vidyo.ai

Kaleido

Hall of fame

Researcher

Vulnerability

Date

Found a vulnerability?