Scope of the vulnerability policy

Explicitly in scope

All endpoints should only be accessible via HTTPS.

The following endpoints, websites, APIs, web-apps, etc. are in scope:

Entries marked with * should only be accessible via VPN.
Entries marked with † should only be accessible via Authentification (e.g. Bearer Token).
Entries marked with ⚐ are only partly in scope. philip.media only manages the domain for those instances. Reports for those domains will be forwared.

Explicitly out of scope

https://api.veganify.app/v0/cron/
https://api.veganify.app/v0/peta/crueltyfree
https://api.veganify.app/v0/peta/veganapproved