Credit where credit is due. Every time.
This page lists every external researcher who has responsibly disclosed a valid finding to Aevrix Group. We publish names and handles only with explicit consent — anonymous credit is also available.
2026 reports.
The Aevrix vulnerability disclosure programme launched in May 2026. No external reports have been received yet. When they are, valid researchers will be listed here.
Awaiting first report
Submissions are tracked privately, validated by our team, and acknowledged within two business days. Once a fix has shipped, we will offer public credit with the bug class and severity — but never the exact PoC unless you choose to publish a write-up.
The path.
- Read /policy/ and /scope/ first.
- Find a valid issue against an in-scope asset, in good faith, with reproducible steps.
- Report it privately to security@aevrix.org.
- Coordinate with us on fix timing.
- Tell us how you want to be credited — handle, real name, or anonymous.
- Once the fix is shipped, you appear here.
Entry format.
2026-08-12 @example-researcher Stored XSS /aevrix.dev/comments 2026-09-04 Anonymous IDOR /api.aevrix.dev/v1/orders
Newest entries appear at the top. Each entry stays public indefinitely unless the researcher requests removal.
Be first.
Find a valid issue, report in good faith, and you'll be the inaugural entry.