Public beta now open

Never lose a vulnerability
report again

The dead-simple drop-in replacement for security@domain.com. A proper dashboard, structured reports, severity ratings, and real-time status tracking. All in one link.

Get StartedSee how it works
dashboard — zeroday.report
>5 new vulnerability reports
criticalSSRF in image proxy endpoint
lowInformation disclosure in error pages
mediumOpen redirect on OAuth callback
highXSS via profile bio field
criticalSQL Injection in /api/users endpoint
$ Waiting for your response...

How it works

Three steps. That's it.

No complex setup. No procurement process. No sales calls. Just create, share, and start receiving properly structured vulnerability reports.

01

Create a project

Link a GitHub repo or name a project. Takes 30 seconds. We generate a unique reporting URL for you.

https://zeroday.report/r/your-project
02

Share your link

Drop it in your security.txt, README, or wherever you currently point people to security@. Done.

# security.txt
Contact: https://zeroday.report/r/your-project
03

Receive & manage reports

Reports come in structured with severity, details, and reproduction steps. Triage, respond, and resolve — all from one dashboard.

$ 3 new reports → 1 critical, 1 high, 1 medium

Comparison

You already know email sucks for this

We're not competing with HackerOne. We're replacing the inbox you're already ignoring.

zeroday.reportsecurity@
Structured reports with severity
Dashboard & search
Status tracking
Reporter authentication
Block bad actors
Response time tracking
Setup time
30 seconds
Already done
Cost
Free to start
Free but painful

Stop losing vulnerability reports
in your inbox

Get started with ZeroDay.report and replace security@domain.com with something that actually works.

Get Started

Free for open source. Always. Just ask.