Report Suspected Site Vulnerabilities

At Upwork, we take the security of our users very seriously. Upwork values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process. For more information about reporting Upwork-related suspicious activity by a fellow user, click here instead.

If you believe you have discovered a potential security vulnerability on any of the upwork.com domains, please help us fix it as quickly as possible by reporting your findings to us following our Guidelines for Responsible Disclosure (described below). Publicly disclosing a vulnerability can put the entire community at risk, so we urge those reporting vulnerabilities to keep matters private until we can resolve the issue.

Security is very important at Upwork. We investigate all reported vulnerabilities, using a third party service to validate the vulnerability and ensure the appropriate monetary reward to the researcher if they follow the Guidelines for Responsible Disclosure.

 


Guidelines for Responsible Disclosure

At Upwork, we recognize the important role that security researchers and our community play in keeping Upwork and our customers secure. If you discover a vulnerability on upwork.com, please notify us by email at security-reports@upwork.com using the following guidelines:

  • Please share the security issue with us before making it public on message boards, mailing lists, or other forums.
  • Please wait until we notify you that the vulnerability has been resolved before you disclose it to others.  We take the security of our customers very seriously, and some vulnerabilities take longer than others to resolve.
  • When submitting a vulnerability, please provide a clear, concise description of steps to reproduce the vulnerability.
  • Please provide full details of the security issue, including Proof-of-Concept URL and the details of the system where the tests were conducted.
  • To receive credit, you must be the first to report the vulnerability, and you must provide us a reasonable amount of time to remediate before you disclose the issue publicly. We use a third party service to validate the vulnerability and provide monetary rewards to the researcher.
  • Your submission will be reviewed and validated by a member of the Information Security team. Providing clear and concise steps to reproduce the issue will help to expedite the response.
  • Please do not engage in security research that involves:
    • Potential or actual damage to Upwork users, systems, or applications.
    • Use of an exploit to view data without authorization that involves the corruption of data.
    • Requests for compensation for the reporting of security issues through any external marketplace for vulnerabilities, whether black-market or otherwise.

Have more questions? Submit a request

Comments

Select your issue category and subcategory
Please share as much information as you can, including things like:
Attachment (for example, screenshots):
Add Files
    Popular Topics
    Provide more details:
    Attachment (for example, screenshots):
    Add Files
      • Discuss with Upwork Community

      Your request has been submitted

      Your ticket number is XXXXXXXXX
      We will email you as soon as we can.

      Our records show your Upwork account is not active.

      This might be due to no account activity (earnings, payments, contracts, etc.) or because we had to suspend it. When we suspend an account we send an email explaining the reason and whether or not you can take steps to reverse the suspension. Please review that email for more details.

      For general questions, you can visit our Community or review our Terms of Service.

      We’ll start a video chat with you. Please make sure you use a desktop device with a camera to continue the process. Also, allow Upwork temporary use of your camera and microphone. You may disable this access after the chat session.

      If all of our agents are busy when you attempt to chat, please hold, and one of our agents will be with you shortly.

      We noticed that you're currently using a browser that is not supported by our video verify process.

      We recommend that you switch to Google Chrome or Firefox in order to successfully complete verification. Thank you

      Upwork’s Category Specialists are standing by to help you discover and plan new projects.

      Ask them about roles or projects that you want to learn more about. They can also draft job posts for you.

      Your chat will begin in the bottom right corner of this page.

      Upwork’s Category Specialists are currently offline.

      Send us a message below and we’ll respond via email as soon as we can. You can also come back here during business hours (Mon-Fri, 6am-5pm PT) to chat with us.

      How can we help?
      Thanks for your message! A Category Specialist will respond to your message via email as soon as they can.