Security disclosure
Use this page for security issues affecting Oil Manual itself. For oil data, vehicle specs, sources, or editorial corrections, use the correction form.
How to report
Until a dedicated security mailbox is configured, send security reports to corrections@oilmanual.com with the subject Security report.
Include the affected URL, a concise impact summary, reproduction steps, screenshots or request samples when useful, and a safe contact method for follow-up.
Safe testing
Do not run destructive tests, denial-of-service attempts, spam, credential attacks, automated high-volume scans, or attempts to access private user data. Do not include VINs, passwords, payment details, API keys, or other unnecessary sensitive information.
Scope
In scope: public Oil Manual pages, static assets, headers, forms, correction intake
behavior, and generated discovery files such as sitemaps and security.txt.
Out of scope: third-party OEM manual portals, Cloudflare account configuration that cannot be verified from the public site, and claims about vehicle oil specifications without a security impact.
Response expectations
Oil Manual does not run a paid bug bounty. Valid reports will be reviewed, prioritized by severity and user impact, and fixed as part of the normal release process.