
Security disclosure
Hall of fame

On behalf of thousands of users and the entire team here at Paddle, we'd like to thank the security researchers who have participated in our vulnerability disclosure program and helped make our products and applications more secure.

Paddle handles customer authentication, ensures SOC-compliant data protection, provides all necessary information on customer communications, and adheres to regional and international laws.

| Researcher | Vulnerability | Date |
| --- | --- | --- |
| Michal Biesiada | Content injection | October 2024 |
| Foysal Ahmed | Subdomain takeover | January 2024 |
| Parth Narula | Broken link hijacking | November 2023 |
| Tanvir Ahmed | Rate limiting | October 2022 |
| Sahaj Gautam | Session management | June 2022 |
| Durvesh Kolhe | Inconsistent application of password policy | June 2022 |
| Kunal Mhaske | Inconsistent application of password policy | May 2022 |
| Samir Gondaliya | Content injection | May 2022 |

Info for researchers

Found a vulnerability?

You can learn more about our policy and submit a report at the links below.

Read the policy | Submit a report