Postman · Vulnerability Disclosure

Postman Vulnerability Disclosure

Vulnerability disclosure

Postman runs a coordinated vulnerability disclosure program on Hackerone. A machine-readable /.well-known/security.txt is served. A dedicated security contact is published.

AI Agent BuilderAI AgentsAPI CatalogAPI ClientAPI DesignAPI DevelopmentAPI DocumentationAPI GovernanceAPI LifecycleAPI MonitoringAPI NetworkAPI PlatformAPI TestingAudit LogsAutomationCI/CDCollaborationCollectionsComplianceDiscoveryEnvironmentsFlowsGraphQLgRPCHTTPInsightsMCPMCP GeneratorMock ServersMockingMonitorsNewmanOpenAPIPlatformPrivate API NetworkPublic API NetworkSecret ScanningSpec HubSpecificationsSSOTestingVaultWebSocketWorkflowsWorkspaces
Program: Hackerone security.txt present

Disclosure Policy

Policy

Security Contact

Contact
https://hackerone.com/postman
Contact
mailto:security@postman.com

Source

Vulnerability Disclosure

Raw ↑
generated: '2026-07-11'
method: searched
probe: true
source: https://www.postman.com/.well-known/security.txt
policy:
- https://www.postman.com/security/vulnerability-reporting/
contact:
- https://hackerone.com/postman
- mailto:security@postman.com
evidence:
- source: https://www.postman.com/.well-known/security.txt
  kind: security.txt (live probe)