Welcome to the Hall of Fame, a place where we celebrate security researchers, power users, partners, and community contributors who helped make Lumin PDF safer, smarter, and more useful for millions of people.

Congratulations to everyone who has contributed!
If your name appears incorrectly on the list or you believe your name should be included, please contact us at [email protected]

| Name | Summary |
|---|---|
| | Identified a Broken Access Control issue in the invitation workflow that allowed manipulation of user-role parameters, resulting in disrupted invite management for workspace administrators. Discovered an access control bypass exposing restricted workspace data to member-level users. |
| | Reported an XSS vulnerability allowing arbitrary script execution via crafted URL parameters. |
| | Identified a logic flaw in the document-signing workflow that allowed unauthorized modification of signer permissions after a document was approved. |
| | Identified an IDOR issue in the WebSocket-based commenting flow that enabled posting comments as another user. Identified an IDOR issue in the comment system that allowed unauthorized deletion of another user’s comments. |
| | Reported a server-side access control flaw that allowed members to retrieve signature image URLs from password-protected documents via an exposed GraphQL query. |
| | Reported a business logic issue in workspace ownership and user-management flows that enabled users to rejoin in a state where the true owner could no longer delete them. |
| | Identified an OAuth state-handling weakness allowing attackers to force a victim’s account to integrate with an attacker-controlled Slack workspace. |
| | Identified that document access tokens were publicly discoverable and could be used to view documents and associated user information without authentication. |
| | Identified an API key mismanagement issue that allowed former admins to retain and use organization-level API keys after being removed from the workspace. |

Find security issues in Lumin and get a reward with our vulnerability disclosure program.

Lumin ensures robust, modern security with tailored solutions and industry-standard compliance.
Please send all security reports to [email protected]