Bug Bounties

GoodRx

Powered by: 

Allows bounty splitting: 

Average time to first program response: 9

Average time to bounty awarded null: 0

Average time to report resolved: 0

Handle goodrx

Managed program: true

Name: GoodRx

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/goodrx

Website: https://www.goodrx.com

In scope:

  • Asset identifier: com.goodrx
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.goodrx.iphone
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: iOS Download: https://itunes.apple.com/app/id485357017
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: www.goodrx.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This our primary site. Our mobile site m.goodrx.com is also covered by this scope. The site uses https://api.heydoctor.com in order to service functionality for the GoodRx Care service (https://www.goodrx.com/care). If the vulnerability to discovered requires a request to https://api.heydoctor.com then you can report it and it will be considered in-scope. Please make sure to include the specific GoodRx URL that initiated the call to that API when applicable.
  • Integrity requirements: high
  • Max severity: critical