Submit Vulnerability Report

* Mandatory Field to Fill in

(Formats Supported:JPG、PNG、BMP and JPEG, 5 pictures at the most , size < 2M for each)

Detailed Descriptions:



Upload Attachment
Formats Supported: doc, docx, 7z, zip, gz, bz2, size < 20M

Please provide more detailed reports with reproducible steps in PoC.Please do not disclose the vulnerability information before it is fixed.

I have read and agreed with OPPO Security Response Center(OSRC)Terms.

Vulnerability Assessment Standard and Reward

Effective Date:01/01/2020

Brief Description of the Rewards (Currency: USD ($) ):

1. OPPO-owned business:

  • Critical:2000-3100

  • High:600-1000

  • Medium:200-500

  • Low:40-100

2. Third-party business:

  • Critical:110-140

  • High:30-60

Note: Vulnerability reward of the testing environment is 0.1 times that of its OPPO-owned business.

OPPO-owned business:

  • For example, OPPO Official Website, OPPO Store, OPPO AppStore, OPPO Game Center, OPPO Advertising Alliance, OPPO Cloud, OPPO ID, OPPO Community, OPPO Open Platform, OPPO Marketing Platform, ColorOS, OPPO+, OPPO Browser, and OPPO Theme Store, etc.

Third-party business:

  • Such as the agent marketing system, supplier system, etc.

    For third- party business, only high-risk and critical vulnerabilities will be accepted.

    If a special critical vulnerability is provided, the highest reward can be up to $7200, and OPPO OSRC will apply for a special reward for the reporter.

  • Please do not upload the details of the vulnerability to third-party websites. In that case, we will refuse to accept the vulnerability.

OPPO Security Response Center (OSRC) Platform Service Agreement