Report Vulnerabilities

Last Updated: October 23, 2025

Report Vulnerabilities — DEEPSEEK.INTERNATIONAL

DEEPSEEK.INTERNATIONAL welcomes responsible security research. If you believe you’ve found a security vulnerability on our site, thank you — we want to know about it so we can fix it fast and responsibly.

This page explains how to report issues, what we consider in-scope and out-of-scope, how we will handle reports, and how we’ll acknowledge and credit researchers.


What to report

Please report any issue that could compromise:

  • User privacy or personal data
  • Authentication or account security (login, password reset, session handling)
  • Data integrity or data leakage (database exposure, backups, S3 buckets)
  • Server-side vulnerabilities (SQL injection, RCE, file upload flaws)
  • Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), broken access controls
  • Any other vulnerability that could allow unauthorized access or data exfiltration

Do not report:

  • Low-impact, non-exploitable information (e.g., trivial UI typos) unless they lead to a security issue
  • Denial-of-Service (DoS) testing without prior written approval — DoS tests can harm users and infrastructure and are out-of-scope unless explicitly authorized

How to report (preferred method)

Email us at: contact@DEEPSEEK.INTERNATIONAL

When possible, include:

  1. Your name / handle and optional contact info (email, X/Twitter, GitHub)
  2. Vulnerability title (short)
  3. URL(s) and affected resource(s) (exact endpoints)
  4. Step-by-step reproduction (clear minimal steps we can follow)
  5. Proof of concept (PoC) — code snippets, curl commands, screenshots, or short video demonstrating the issue
  6. Impact assessment — what an attacker could do, what data could be exposed
  7. Suggested mitigation (optional)
  8. Disclosure preferences — public credit, anonymous, coordinated disclosure window, or coordinated disclosure with an embargo

Example report body

Title: Stored XSS in comment form
Target: https://DEEPSEEK.INTERNATIONAL/articles/why-ai-is-fun
Steps:
1) Visit /articles/why-ai-is-fun
2) Post comment: <script>alert('xss')</script>
3) Visit the article again or view comments as admin — script executes
PoC: screenshot attached + recorded curl request
Impact: Possible session hijacking for admins; persistent XSS
Suggested fix: Properly escape or sanitize comment input; apply Content Security Policy

Secure / Encrypted Reports

If you prefer to send sensitive details encrypted, email contact@DEEPSEEK.INTERNATIONAL and request our public PGP key. We will provide a public key for encrypting sensitive attachments (PoC code, database dumps, etc.). Do not post PoCs or sensitive exploit details publicly before we have had a chance to respond and patch.


What to expect after you report

  • Acknowledgement: We aim to acknowledge receipt of your report as quickly as possible.
  • Triage: We will triage and validate the issue, and may follow up for clarifications or more PoC details.
  • Fix & Disclosure: We will work to remediate the issue. We prefer coordinated disclosure and will discuss a reasonable timeline for public disclosure with you.
  • Credit: If you’d like public credit, we’ll list your name/handle in our security acknowledgements (unless you prefer anonymity).

Note: If you choose to publish PoC details before the issue is resolved, we may withdraw acknowledgement or refuse to work with researchers who disclose uncooperatively. We appreciate coordinated, responsible disclosure.


Safe Harbor

If you follow this policy in good faith (limited, non-destructive testing, immediate reporting, and no data exfiltration, resale, or public disclosure before remediation), DEEPSEEK.INTERNATIONAL will not pursue legal action against you. This safe harbor applies only to actions consistent with this policy and local laws — it is not a blanket authorization to break the law.


Scope

In-scope:

  • Any web assets under DEEPSEEK.INTERNATIONAL (site pages, APIs, subdomains owned/operated by us)
  • Login/account flows, comment systems, user data handling, admin panels

Out-of-scope:

  • Third-party services we integrate with (payment processors, external APIs) — report those issues to the vendor and notify us so we can coordinate.
  • Social engineering, phishing, or any attempt to access or attack other users’ accounts beyond demonstrating the vulnerability.
  • Denial-of-Service testing unless pre-approved.

Severity Guide

We use standard severity levels to prioritize fixes. If you include a suggested severity, we’ll consider it — but our security team will make the final determination.

  • Critical: Remote code execution, full database access, broken authentication allowing full account takeover, exposure of production secrets.
  • High: Privilege escalation, sensitive data leakage (personal data), serious access control bypasses.
  • Medium: Reflected XSS, authenticated SQLi with limited impact, info leakage.
  • Low: Minor XSS with limited context, CSRF on non-critical endpoint, low-impact info disclosure.
  • Informational: UI issues, outdated third-party library versions without exploitability, best-practice suggestions.

If you can, provide a CVSS score or rough estimate to help prioritization.


Bounty / Rewards

At present, DEEPSEEK.INTERNATIONAL does not run a formal bug bounty program. We greatly appreciate responsible reports and may offer:

  • Public credit (if you want it)
  • Gift card or small token of appreciation for high-impact discoveries (at our discretion)

If you are interested in a formal bounty program, let us know and we’ll consider establishing one in the future.

Please do:

  • Test only on assets you are allowed to test (in-scope items listed above)
  • Limit testing to non-destructive verification steps (avoid mass scraping, DoS, or destructive DB writes)
  • Avoid accessing or exfiltrating personal user data — if you do accidentally access sensitive data, stop and notify us immediately

Please do not:

  • Publicly disclose PoCs, exploits, or detailed vulnerability write-ups before remediation (unless you and we agreed to coordinated disclosure)
  • Attempt social engineering or credential stuffing against our users or staff

Contact

Send reports to: contact@DEEPSEEK.INTERNATIONAL

If you want encrypted reporting, request our PGP public key at the same email.


Acknowledgements

We deeply appreciate the security research community. Responsible reports help keep everyone safe — we will credit researchers who request public acknowledgement.


Changes to this Policy

We may update this page from time to time. The “Last Updated” date at the top will reflect the latest change.

