I found a vulnerability in a YC company’s app

I was testing a YC company’s product and discovered that their APIs were exposed. I reported this issue to them. Although I didn’t find any critical vulnerability, exposing all their APIs—something that wasn’t intended—was itself a bad practice.

I found a vulnerability in a YC company’s app screenshot 1
I found a vulnerability in a YC company’s app screenshot 2
I found a vulnerability in a YC company’s app screenshot 3