Reports in aspen program: S.No Title Bounty 1 aspen | clickjacking $0.0 2 Server Path Disclosure $0.0 3 Cross-origin resource sharing (CORS) $0.0 4 Password reset token leak on third party website via Referer header $0.0 5 No Rate Limit (Leads to huge email flooding/email bombing) $0.0 6 client_secret Token disclosure $0.0 7 Information leakage on django.aspen.io $0.0 8 Email Spoofing $0.0 9 Session does't get expired after changing the password in https://readthedocs.org $0.0