TravalaSRC

Travala Security Response Center

We sincerely invite security experts to help defend the security of millions of travellers worldwide.

Report A Bug

Announcement

  • 2026-07-10

    Welcome to TravalaSRC

    Travala’s Security Response Center is open to researchers. Submit valid vulnerabilities through the form below and our security team will review your report.

Scope & Policy

Please review what is in scope before submitting. Only test against assets you are authorized to assess, and never access, modify, or destroy data that is not yours.

In scope

  • www.travala.com and travala.com web applications
  • Travala public APIs used by the website and apps
  • Official Travala mobile / webview experiences under travala.com

Out of scope

  • Third-party services, vendors, or partners not operated by Travala
  • Social engineering, phishing, or physical attacks
  • Denial of service / volumetric attacks
  • Spam, content injection without security impact, or best-practice findings without a realistic exploit path

Rules of engagement

  1. Do not exfiltrate personal data or payment information.
  2. Give us a reasonable time to remediate before public disclosure.
  3. One vulnerability per report when possible; include clear reproduction steps.
  4. Reports must be submitted via this page — do not use public channels for sensitive details.

Hall of Fame

We thank researchers who responsibly disclose security issues. Valid, accepted reports may be recognized here.

Be the first researcher recognized in our Hall of Fame.

Submit a Bug Report

Share clear details so our team can reproduce and triage quickly. You will receive a confirmation once the report is submitted.

PNG, JPG, GIF, WebP, PDF, TXT, or ZIP — max 10 MB

Security check