Envato Product Security

Security and privacy at Envato starts with our values.

At Envato, we understand security and privacy is important because we are in it for the community. This means we’re committed to working with our community, including through our security program to recognise helpful hackers that work with Envato.

Helpful Hacker Program

Our Helpful Hacker program allows our community to report product vulnerabilities to Envato. We operate the program based on the following principles:

Reporting a vulnerability

If you believe you have found a general security vulnerability in an Envato product you can use this form to report the vulnerability to us. We will confirm receipt and follow up with verification and target date for full disclosure following resolution.

For security issues related to your personal account you should contact our friendly Help Team.

Rules

Whilst investigating potential vulnerabilities, you must not:

If in doubt, get in touch first!

Scope

Included in scope are any products or services that reside under the following domains that are managed by Envato:

Helpful Hackers will be added to either the Envato Systems Honor Roll or the Envato Author Item Honor Roll depending on the scope of the vulnerability.

Qualifying vulnerabilities

While not extensive, this list provides some examples of what we are classing as a security vulnerability and will award to Helpful Hackers.

Non-qualifying vulnerabilities

If you are ever unsure about whether the vulnerability you are testing is questionable or may fall into the non-qualifying category, please get in touch with us for guidance.

Honor Roll - Envato Systems

Name Dates of reports
Nicolò Altamura — serhack.me 28 Sep 2017
Vineet Kumar — Vineet Kumar 12 Sep 2017
Alexander Sidukov — @cyberopus 18 Aug 2017
Abdelali Khalfi — Abdelali 2 Aug 2017
Ivan Danilov — coderast 29 Jun 2017
Piyush Kumar — silverpoisionhub.blogspot.in 20 Jun 2017
Himanshu Rahi — himanshu.rahi.31 9 Jun 2017
Gamiel Xavier V. Manbiotan — Yokairenki 30 May 2017
Shawar Khan — shawarkhanskofficial 22 May 2017
Mohammed Israil — VillageLad 7 May 2017
Alfie Njeru — the-infosec.com 4 May 2017
Gaurav Kumar — drago4344 2 May 2017
Syed Muhammad Abdul Karim — abdulkarim.co 27 Mar 2017
Yasin Soliman — @SecurityYasin 8 Feb 2017
Kenan Genç — @hackergnc 7 October 2016
Dave Baker — dtbaker.net 1 October 2016
Alex Crivion — crivion.com 8 Sep 2016
Aaysha Khilji — @a1ksecurity 26 Aug 2016
Muhammad Abdullah — root.abdullah 03 Apr 2016
Eden Alon — eden.alon12 31 Mar 2016
Koen Rouwhorst — www.koenrouwhorst.nl 11 Jan 2016
Ramin Farajpour Cami — Saminray 8 Sep 2015
Syed Daniyal Bin Rashid — DaN1.mrcopypaste
SaifAllah benMassaoud — WhiteHatSecuri
4 Sep 2015
Ahmed Jerbi — Web Plus 3 Sep 2015
Zeeshan — zeex.zeeshan 27 Aug 2015
Sumit Sahoo — 54H00 5 Jul 2015
BALAJI P R — linkedin 30 Dec 2014
Sam Berson — @SamBerson 29 Oct 2014
Geert Smelt — @gasmelt 19 Sep 2014
Sajjad Hashemian — @skinodcom 11 Aug 2014
Mazen Gamal Mesbah — @MazenGamal 20 Aug 2014
Tran Doan San — @doansan 2 July 2014
Bogdan Sergiu Dragos 7 June 2014
Kamil Sevi — @kamilsevi 20 May 2014
Amir Sohail 08 May 2014
Christy Philip Mathew — @christypriory 30 Apr 2014
Moujahed Jmal 05 Apr 2014
Mahadev Subedi 18 Mar 2014
Ahmad Ashraff 18 Mar 2014
Shpend Kurtishaj 11 Mar 2014
Abhishek Gahlot 1 Feb 2014
Chetan Soni — @iamchetansoni 25 Nov 2013
Janne Ahlberg 1 Nov 2012
Dejan Marjanovic 1 Dec 2011

Honor Roll - Envato Author Items

Name Dates of reports
Ashik Mahmud — ashik685.me 5 Oct 2017
Deepak Holani — deepak.holani.5 3 Oct 2017
Anthony Briand
  • Jun 8 2017
  • May 4 2017
Dawid Golunski — legalhackers.com 26 May 2017
Arbin Godar — ArbinGodar.com
  • 22 Feb 2017
  • 17 Oct 2016
  • 22 Sep 2016
  • 14 Sep 2016
  • 30 Aug 2016
João Pina — Twitter 16 Dec 2016
SWTE — on CodeCanyon 25 Nov 2016
rem1nd — @rem1nd_ 24 Oct 2016
Daniel Z — reflz 03 May 2016
Oszkar Bencsik — 0xff.org 30 Mar 2016
Rahul Pratap Singh — 0x62626262.wordpress.com
  • 13 Mar 2016
  • 24 Jan 2016
  • 14 Jan 2016
  • 8 Jan 2016
Bevan Rudge — www.js.geek.nz 25 Mar 2015
Brett Chance — @uraniagroup 11 Sep 2014
Michael Wihl 31 Jul 2014
Milan A Solanki 21 July 2014
Ajay Singh Negi — @AjaySinghNegi
Prashant Negi — @prashantnegi_
Mahipal Singh Rajpurohit
15 July 2014