Bug Bounties

KAYAK

Powered by: 

Allows bounty splitting: 

Average time to first program response: 2

Average time to bounty awarded null: 153

Average time to report resolved: 687

Handle kayak

Managed program: true

Name: KAYAK

Offers bounties: true

Offers swag: true

Response efficiency percentage: 98

Submission state: open

Url: https://hackerone.com/kayak

Website: https://www.kayak.com

In scope:

  • Asset identifier: business.kayak.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.kayak.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: The most recent version of this app is in scope
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.kayak.travel
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: The most recent version of this app is in scope
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.cheapflights.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: including local versions: e.g. www.cheapflights.co.uk, www.cheapflights.com.au, etc. Please check https://www.kayak.com/global for full list of domains that belong to us.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.checkfelix.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: www.hotelscombined.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: including local versions: e.g. www.hotelscombined.com.au, www.hotelscombined.co.kr, etc. Please check https://www.kayak.com/global for full list of domains that belong to us.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.kayak.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: including localised versions: e.g. www.kayak.de, www.kayak.fr and www.kayak.co.uk, etc. Please check https://www.kayak.com/global for full list of domains that belong to us.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.momondo.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: including localised versions: e.g. www.momondo.dk, www.momondo.se, etc.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.mundi.com.br
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.swoodoo.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical