Bug Bounties

Figma

Powered by: 

Allows bounty splitting: 

Average time to first program response: 20

Average time to bounty awarded: 180

Average time to report resolved: 2200

Handle: figma

Managed program: true

Name: Figma

Offers bounties: true

Offers swag: false

Response efficiency percentage: 94

Submission state: open

Url: https://hackerone.com/figma

Website: https://figma.com

In scope:

  • Asset identifier: Figma Atlassian App
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://marketplace.atlassian.com/apps/1217865/figma-for-jira Unauthorized access via this app or the APIs that this app uses is also in scope.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Figma Desktop App
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Figma Slack App
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://figma.slack.com/apps/A01N2QYSA81-figma-and-figjam?tab=more_info
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Figma for Microsoft Teams
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://appsource.microsoft.com/en-us/product/office/wa200004521?tab=overview
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Figma iOS and Android apps
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: api.figma.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: www.figma.com
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: We are primarily looking for high/critical vulnerabilities in the system.
  • Integrity requirements: high
  • Max severity: critical