Hall of Fame
The Hall of Fame is open. The first entry will be posted as soon as the first responsible-disclosure report is fixed and acknowledged.
Want to be the first? Read the disclosure policy and email security@cloakapi.io.
What appears on this page
Each accepted entry shows: researcher handle (or anonymous on request), disclosure date, finding category at high level (e.g. "OAuth flow", "Receipt verification", "Admin authentication"), CVSS severity bucket, and a short narrative once the public-disclosure window closes. Bounty amounts are not published per-entry; the policy describes the severity-to-bounty mapping at /policy#bounty.
| Date | Researcher | Category | Severity |
|---|---|---|---|
| — no entries yet — | |||