OWASP BLT - Bug Reporting Platform
close
BLT logo

OWASP BLT
OWASP Project • AGPLv3 Licensed

report bugs, get rewards

OWASP BLT gives teams a practical front door to collect issue reports, route sensitive vulnerabilities to BLT-Zero, and keep community reporting transparent through a live leaderboard.

Start reporting Use BLT-Zero
20
Bugs reported
6 open 14 closed
4
Domains
6
Active reporters

What OWASP BLT gives your team

Built for practical bug intake: clear public reporting, safe vulnerability handling, and community visibility in one workflow.

Public bug reports

Capture 404/500 issues, UI regressions, performance problems, typo fixes, and policy violations in one place.

Anonymous intake via BLT-API

Contributors can submit reports without exposing account identity when privacy is important.

Secure vulnerability path

Route critical security disclosures through BLT-Zero with zero-log, zero-tracking guarantees.

Live leaderboard

Recognition stays visible through an auto-refreshed leaderboard generated from issue activity.

Report issues on any website

BLT covers the entire internet — report bugs, broken pages, or security problems on any domain, not just your own.

Earn rewards for every report

Reporters earn BACON tokens for accepted bug reports, turning community contributions into tangible recognition.

How teams use OWASP BLT daily

Keep public issue intake simple, keep sensitive security reports private, and keep contributor trust high with transparent tracking.

Report a public bug

GitHub template or anonymous submission

Supported issue categories include:

404 / 500 errors Functional issues Performance Slow loading Typos Design issues IP / trademark License violations
Report a bug

Report a vulnerability

Private channel powered by BLT-Zero

For sensitive security findings, use a private disclosure route with stronger safety guarantees:

Zero logs Zero tracking Zero storage Encrypted transport
Only the report ID and status are visible to the organization. Sensitive vulnerability payloads are not stored in the receiving server.
Report vulnerability

Recent bug reports

Latest community-submitted issues from this repository

View all reports
Bug screenshot

owasp.org favicon[BUG] The code button is not working

Aditya-debugs141's avatarAditya-debugs1411
Apr 7, 2026
owasp-blt[bot]'s avatar

👋 Thanks for opening this issue, @Aditya-debugs141! Our team will review it shortly. In the meantime: - If you'd like to work on this issue, comment `/assign` to get assigned. - Visit [OWASP BLT-Pool](https://pool.owaspblt.org) for more information about our bug bounty platform.

1 comment
Bug screenshot

owasp.org favicon[BUG] The documentation button is not working

Aditya-debugs141's avatarAditya-debugs1411 1
Apr 7, 2026
owasp-blt[bot]'s avatar

👋 Thanks for opening this issue, @Aditya-debugs141! Our team will review it shortly. In the meantime: - If you'd like to work on this issue, comment `/assign` to get assigned. - Visit [OWASP BLT-Pool](https://pool.owaspblt.org) for more information about our bug bounty platform.

1 comment
Bug screenshot

owasp.org favicon[BUG] tabs are overlapping

DonnieBLT's avatarDonnieBLT1
Mar 19, 2026
owasp-blt[bot]'s avatar

@Manahil-Afzal This issue is not yet ready for assignment. A maintainer (such as @donnieblt) must first review it and add the "help wanted" label before `/assign` can be used.

5 comments

How it works

Three practical steps to improve web quality and security response.

1. Spot a bug

Find a broken flow, performance issue, typo, visual regression, or policy concern.

2. Submit report

Use the GitHub template for normal issues or submit anonymously through BLT-API.

3. Build trust

Accepted reports improve your leaderboard rank and help teams triage faster.

Leaderboard

Updated May 14, 2026

Submit report

Top Reporters

Top Commenters

Top Domains

View Full Leaderboard

Leaderboard refreshes automatically when issues are opened, labeled, closed, reopened, or when code is pushed to main.