Hall of Fame
To improve the protection of its Information Communications Technology resources, the United Nations encourages the public to assist with its efforts by disclosing vulnerabilities in the United Nations’ publicly accessible information system.
Following are individuals and organizations that helped the United Nations in improving the security of the Organization's systems, data, and ICT resources by reporting security issues and vulnerabilities discovered.
United Nations Information Security Hall of Fame
Reported security misconfiguration on un.org
5 February 2021
Reported security misconfiguration on un.org
5 February 2021
Reported directory listing vulnerability on un-rok.org
5 February 2021
Reported security misconfiguration on un-csam.org
3 February 2021
Reported XSS vulnerability on unov.org
3 February 2021
Reported security misconfiguration on unfccc.int
2 February 2021
Sushant Kamble
Reported XSS vulnerability on un.org
31 January 2021
Reported XSS vulnerability on un.org
29 January 2021
Santosh Bobade (@Santosh88267387)
Reported Sensitive Data Exposure on unog.ch
25 January 2021
Reported security misconfiguration vulnerability on un.org
24 January 2021
Reported broken authentication vulnerability on un.org
22 January 2021
Reported a security misconfiguration vulnerability on unsceb.org
21 January 2021
Reported a security misconfiguration vulnerability on unep.org
20 January 2021
Reported an XSS vulnerability on unodc.org
19 January 2021
Reported a security misconfiguration vulnerability on unodc.org
16 January 2021
Reported XSS vulnerability on unesco.org
13 January 2021
Reported XSS vulnerability on unesco.org
13 January 2021
Jackson Henry, John Jackson, Aubrey Cottle, Nick Sahler
Reported server-side misconfigurations on unep.org
4 January 2021
Reported XSS vulnerability on unodc.org
2 January 2021
Reported XSS vulnerability on un.org
30 December 2020
Reported Sensitive Data Exposure on unep.org
29 December 2020
Reported broken access control on un.org
29 December 2020
Reported SDE/XSS vulnerability on unep.org
23 December 2020
Reported a security misconfiguration vulnerability on un.org
14 December 2020
Rawezh Ali
Reported an XSS vulnerability on unesco.org
15 December 2020
Reported a security misconfiguration on un.org
4 December 2020
Reported a security misconfiguration on un.org
24 November 2020
Reported CORS misconfiguration on un.org
8 November 2020
Wesley Santos (@dk4trin)
Reported a security misconfiguration on uneca.org
6 November 2020
Reported security misconfiguration vulnerability on un.org
27 October 2020
Niraj Gautam
Reported a Security Misconfiguration on un.org
24 October 2020
Reported a Security Misconfiguration on un.org
21 October 2020
Reported security misconfiguration on uneca.org
13 October 2020
Reported RCE vulnerability on un.org
7 October 2020
Reported CORS misconfiguration on unesco.org
6 October 2020
Reported server misconfiguration vulnerability on un.org
5 October 2020
Reported XSS vulnerability on un.org
5 October 2020
Reported XSS vulnerability on un.org
1 October 2020
Reported a security misconfiguration on un.org
30 September 2020
Reported XSS vulnerability on un.org
30 September 2020
INDIRA SABEESH
Reported security misconfiguration on un.org
26 September 2020
Reported SDE vulnerability on un.org
24 September 2020
Reported XSS vulnerability on un.org
12 September 2020
Muhammmad Usman Nasir
Reported multiple XSS vulnerabilities on unfccc.int
5 September 2020
Reported multiple XSS vulnerabilities on un.org
3 September 2020
Reported CORS misconfiguration vulnerability on un.org
18 August 2020
Reported CORS vulnerability on un.org
18 August 2020
Reported an XSS vulnerability on un.org
14 August 2020
Reported security misconfiguration vulnerability on un.org
11 August 2020
Reported clickjacking vulnerability on un.org
29 July 2020
Reported server misconfiguration vulnerability on un.org
23 July 2020
Nguyen Anh Tuan – nhiephon
Reported security misconfiguration on unog.ch
6 July 2020
Reported XSS vulnerability on www.un.org
6 July 2020
Reported Security Configuration vulnerability on www.unog.org
6 July 2020
Reported directory traversal on un.org
28 June 2020
Reported multiple clickjacking vulnerabilities on un.org
27 June 2020
Reported SDE vulnerability on un.org
25 June 2020
Reported broken authentication vulnerability on un.org
25 June 2020
Reported clickjacking vulnerability on un.org
24 June 2020
Reported XSS vulnerability on un.org
24 June 2020
Shivang Trivedi
Reported Security Misconfiguration on un.org
23 June 2020
Reported directory listing vulnerability on unescap.org
18 June 2020
Reported SDE vulnerability on un.org
17 June 2020
Reported security misconfiguration and SDE vulnerability on unep.org
2 June 2020
Reported security misconfiguration on unesco.org
22 May 2020
SecurityMate (@securitymate)
Reported a security misconfiguration on un.org
13 May 2020
Reported security misconfiguration on un.org
29 May 2020
Ansil Shah
Reported security misconfiguration on un.org
14 May 2020
Reported an XSS vulnerability on un.org
11 May 2020
Hüsnü Doğmaz
Reported an XSS vulnerability on unesco.org
11 May 2020
Reported a server misconfiguration vulnerability on unescap.org
5 May 2020
Pierre Louvet
Reported a security misconfiguration on un.int
30 April 2020
Reported server misconfiguration on un.org
29 April 2020
Reported an SDE vulnerability on un.org
28 April 2020
Dan Nicole Lyton Fonte (danlyt74@gmail.com)
Reported a SQLi vulnerability on unesco.org
28 April 2020
Aakash Adhikari (@dark_haxor)
Reported a security misconfiguration on unon.org
26 April 2020
Reported a security misconfiguration on unesco.org
20 April 2020
Reported a SQLi vulnerability on un.org
20 April 2020
Syed UmairUddin Nehri
Reported a server misconfiguration vulnerability on un.org
20 April 2020
Reported a security misconfiguration on un.org
14 March 2020
Halil AHMAD (@Halilahmadd, turkhackteam.org)
Reported an XSS vulnerability on unesco.org
28 February 2020
Kasper Karlsson
Reported an XSS vulnerability on unesco.org
27 February 2020
Kasper Karlsson
Reported an XSS and SQLi vulnerability on ohchr.org
27 February 2020
Reported XSS and Open Redirect vulnerabilities on www.unescap.org
24 February 2020
Reported a security misconfiguration vulnerability on un.org
20 February 2020
Reported a clickjacking vulnerability on un.org
17 February 2020
Reported a clickjacking vulnerability on un.org
16 February 2020
Reported a Security Misconfiguration on unon.org
14 February 2020
Kasper Karlsson
Reported a SQLi and XSS Vulnerability on un.org
7 February 2020
Reported an XSS Vulnerability on un.org
4 February 2020
Reported an XSS Vulnerability on un.org
4 February 2020
Reported an XSS vulnerability on ilo.org
4 February 2020
Reported a server misconfiguration on ilo.org
2 February 2020
Reported a security misconfiguration vulnerability on un.org
27 January 2020
Reported an XSS vulnerability on un.org
26 January 2020
Sagar Banwa
Reported XSS vulnerability on un.org
18 January 2020
Reported a SQLi vulnerability on un.org
17 January 2020
Gaurav Solanki (@heydarklord)
Reported a Security Misconfiguration on un.org
13 Jan 2020
Pankaj Kumar Thakur (@Nep_1337_1998)
Reported a security misconfiguration on un.org
9 January 2020
Nick Mitropoulos
Reported a server misconfiguration vulnerability on un.org
7 Jan 2020
Blindu Eusebiu
Reported server misconfiguration vulnerability on un.org
4 January 2020
Reported sensitive data exposure on un.org
23 December 2019
Reported a security misconfiguration vulnerability on un.org
23 December 2019
Reported an XSS vulnerability on unog.ch
22 December 2019
Jeetu Rajput
Reported a security misconfiguration on un.org
19 December 2019
Reported multiple XSS vulnerabilities on un.org
12 December 2019
Avishek Nayal (Khanna Security Solution)
Reported XSS vulnerability on un.org
7 December 2019
Reported a security misconfiguration vulnerability on un.org
1 December 2019
Reported poodle vulnerability on un.org
1 December 2019
Namrata Arvikar
Reported an XSS vulnerability on un.org
26 November 2019
Reported a security misconfiguration on un.org
20 November 2019
Rohit Kumar
Reported a security misconfiguration on un.org
18 November 2019
Bolli Durga Bhagavan
Reported a security misconfiguration on un.org
8 November 2019
Reported an XSS vulnerability on un.org
31 October 2019
Reported a server misconfiguration on un.org
22 October 2019
Reported security misconfiguration on unesco.org
18 October 2019
Reported a directory listing vulnerability on un.org
6 October 2019
Alfie Njeru of Salaam Technology Limited (@emenalf)
Reported SDE/XSS vulnerability on ilo.org
2 October 2019
Reported an XSS vulnerability on unesco.org
22 August 2019
Reported a server misconfiguration on un.org
16 August 2019
Reported an XSS vulnerability on un.org
15 August 2019
Reported a server misconfiguration on un.org
14 August 2019
Reported security misconfiguration vulnerability on un.org
13 August 2019
Fredrik Nordberg Almroth
Reported a server misconfiguration on un.org
8 August 2019
Reported multiple XSS vulnerabilities on un.org
15 July 2019
Romesh Chander
Reported a server misconfiguration on unesco.org
8 July 2019
Reported security misconfiguration on un.org
5 July 2019
Pankaj Kumar Thakur (@Nep_1337_1998)
Reported a server misconfiguration on unsceb.org
5 July 2019
Reported content injection vulnerability on un.org
30 June 2019
Reported a security misconfiguration on un.org
24 June 2019
Reported an XSS vulnerability on un.org
13 June 2019
Reported a server misconfiguration on un.org
3 June 2019
Arman Sameer
Reported an XSS vulnerability on un.org
26 May 2019
Mustafa (@c0braBaghdad1)
Reported a poodle vulnerability on un.org
23 May 2019
Reported an XSS vulnerability on un.org
13 May 2019
Pankaj Thakur (@Nep_1337_1998)
Reported a security misconfiguration vulnerability on un.org
10 May 2019
Reported a security misconfiguration on un.org
23 April 2019
Reported a security misconfiguration on unog.ch
21 April 2019
Abhinav Singh (@abhinavbom)
Reported a CORS misconfiguration vulnerability on un.org
19 April 2019
Shivam Khambe
Reported a server misconfiguration on unsceb.org
17 April 2019
Reported an open redirect vulnerability on un.org
26 March 2019
Damini Soni
Reported a security misconfiguration on un.org
22 March 2019
Reported a content injection vulnerability on un.org
15 March 2019
Aleem Ladha
Reported a sensitive data exposure on un.org
14 March 2019
Reported multiple XSS vulnerabilities on un.org
14 March 2019
Safwat Refaat
Reported a security misconfiguration vulnerability on un.org
12 March 2019
Reported a SQLi vulnerability on un.org
12 March 2019
Reported an XSS vulnerability on un.org
12 March 2019
Reported an XSS vulnerability on un.org
8 March 2019
Reported an XSS vulnerability on un.org
4 March 2019
Hoang Quoc Thinh (@g4mm4 of CyberJutsu.IO)
Reported a security misconfiguration on un.org
18 February 2019
Irfan Sayed
Reported a server misconfiguration on unsceb.org
9 February 2019
Farah Mehboob (@MehboobFarah)
Reported security misconfiguration vulnerability on un.org
7 February 2019
Sachin Sharma
Reported a security misconfiguration on un.org
28 January 2019
Reported an XSS vulnerability on un.org
26 January 2019
Reported a security misconfiguration on un.org
26 January 2019
Pranav Jagtap
Reported a SQLi vulnerability on un.org
23 January 2019
Kiran Karnad
Reported an XSS vulnerability on un.org
19 January 2019
Vismit Sudhir Rakhecha (Druk) (@rvismit)
Reported a security misconfiguration on un.org
13 January 2019
Reported a security misconfiguration on un.org
12 January 2019
Meridian Miftari
Reported a SQLi vulnerability on un.org
4 January 2019
Mrunal Chawda
Reported a security misconfiguration on un.org
1 January 2019
Reported an XSS vulnerability on un.org
31 December 2018
Reported a server misconfiguration vulnerability on un.org
22 December 2018
MyoKo (@nutronex)
Reported a server misconfiguration vulnerability on un.org
19 December 2018
Lacroute Serge (@fakessh)
Reported an XSS/server misconfiguration on un.org
16 December 2018
Hrishikesh Panse
Reported an XSS vulnerability on un.org
28 November 2018
Aagam Shah
Reported a server misconfiguration on un.org
24 November 2018
Mohammed Adam
Reported a server misconfiguration on unsceb.org
23 November 2018
Reported multiple XSS vulnerabilities on un.org
22 November 2018
Reported an XSS vulnerability on un.org
5 November 2018
Reported an XSS vulnerability on un.org
2 November 2018
Reported a SQLi vulnerability on un.org
24 October 2018
Reported an XST vulnerability on un.org
23 Oct 2018
Reported a server misconfiguration on un.org
21 October 2018
Reported a server misconfiguration on unsceb.org
18 October 2018
0xMitsurugi (@0xMitsurugi)
Reported a security misconfiguration on un.org
25 October 2018
Reported a directory listing vulnerability on un.org
5 October 2018
Reported an XSS vulnerability on un.org
22 September 2018
Miguel Quiñonez Meza (@Y4r4G)
Reported an XSS vulnerability on un.org
21 September 2018
Reported a server misconfiguration on unsceb.org
21 September 2018
Reported a server misconfiguration on un.org
15 September 2018
Avinash Jain (@logicbomb_1)
Reported a server misconfiguration vulnerability on un.org
9 September 2018
Kerem Tamci
Reported a SQLi vulnerability on un.org
4 September 2018
Reported a CORS misconfiguration vulnerability on un.org
3 September 2018
Reported an XSS vulnerability on un.org
1 September 2018
Reported an open redirect vulnerability on un.org
30 August 2018
Rabsun Sarkar
Reported a clickjacking vulnerability on un.org
13 August 2018
Reported an XSS vulnerability on un.org
30 July 2018
Reported a server misconfiguration vulnerability on un.org
30 July 2018
Reported a directory listing vulnerability on un.org
29 July 2018
SI9INT Website (https://si9int.sh)
Reported an XSS vulnerability on un.org
26 July 2018
Reported an XSS vulnerability on un.org
20 July 2018
Reported a directory traversal vulnerability on un.org
18 July 2018
Reported an XSS vulnerability on un.org
16 July 2018
Jainendra Jain
Reported a SQLi vulnerability on un.org
4 July 2018
Reported an XSS vulnerability on un.org
9 June 2018
Arvind Mudaliyar
Reported an XSS vulnerability on un.org
18 May 2018
Reported an XSS vulnerability on un.org
25 April 2018
Reported an XSS vulnerability on un.org
9 April 2018
Reported an HTML injection vulnerability on un.org
7 April 2018
Reported a Directory Listing vulnerability on un.org
3 April 2018
Reported a server misconfiguration on un.org
26 March 2018
Danish Tariq and Ali Hassan Ghauri (www.danalweb.com)
Reported a clickjacking vulnerability on un.org
23 March 2018
Chirag Gupta
Reported an XSS vulnerability on unesco.org
22 March 2018
Reported a server misconfiguration on un.org
22 March 2018
Reported an XSS vulnerability on un.org
19 March April 2018
Reported a server misconfiguration on un.org
5 March 2018
Reported a server misconfiguration on un.org
5 March 2018
Mitesh Patil
Reported a CORS misconfiguration vulnerability on un.org
2 March 2018
Mitesh Patil
Reported a CORS misconfiguration on un.org
2 March 2018
Akash Labade
Reported a Poodle vulnerability on un.org
2 March 2018
Reported a Poodle vulnerability on un.org
2 March 2018
Juba Baghdad (@JubaBaghdad)
Reported a path disclosure vulnerability on un.org
2 March 2018
Reported a path disclosure vulnerability on un.org
28 February 2018
Danish Tariq
Reported a Clickjacking vulnerability on un.org
27 February 2018
Frank Vickers
Reported a path disclosure vulnerability on un.org
27 February 2018
Jose Carlos Exposito Bueno
Reported a SQLi vulnerability on un.org
26 February 2018
Reported a Directory Listing vulnerability on un.org
25 February 2018
Reported a server misconfiguration on un.org
25 February 2018
Reported a SQLi vulnerability on un.org
25 February 2018
Mitesh Patil
Reported a CORS misconfiguration vulnerability on un.org
23 February 2018
Saurabh Gurgule
Reported a CORS misconfiguration vulnerability on un.org
23 February 2018
Reported a SQLi vulnerability on un.org
22 February 2018
Reported a file disclosure vulnerability on un.org
15 February 2018
Reported a SQLi vulnerability on un.org
13 February 2018
Jose Carlos Exposito Bueno
Reported an XSS vulnerability on un.org
3 February 2018
Vitthal Shinde
Reported CORS misconfiguration vulnerability on un.org
1 February 2018
Taha Smily (@TahakhanTaha)
Reported an XSS vulnerability on un.org
1 February 2018
Vicky Smart
Reported a CORS misconfiguration vulnerability on un.org
29 January 2018
Wen Bin Kong
Reported an XSS vulnerability on un.org
28 January 2018
Thrivikram Gujarathi
Reported a CORS misconfiguration vulnerability on un.org
26 January 2018
Pranav Jagtap
Reported a SQLi vulnerability on un.org
23 January 2018
Ravi Xander
Reported an XSS vulnerability on unog.ch
23 January 2018
Reported an XSS vulnerability on un.org
22 January 2018
Reported a path disclosure vulnerability on un.org
22 January 2018
MyGf (TurkHackTeam.org, @tht_mygf)
Reported an XSS vulnerability on un.org
22 January 2018
Adesh Nandkishor Kolte
Reported an input sanitization error on un.org
22 January 2018
Reported a content injection vulnerability on un.org
21 January 2018
Ashutosh Barot
Reported a content injection and a server misconfiguration on un.org
21 January 2018
Reported an XSS vulnerability on un.org
19 January 2018
Reported a SQLi vulnerability on un.org
19 January 2018
Mahesh Raykar
Reported an XSS vulnerability on un.org
19 January 2018
Reported an XSS vulnerability on un.org
19 January 2018
Mayank Garg
Reported a SQLi vulnerability on un.org
18 January 2018
Reported an HTML injection vulnerability on un.org
18 January 2018
Ferdi Bak (@iosFerdi)
Reported an XSS vulnerability on unog.ch
18 January 2018
Naina Usman
Reported an XSS vulnerability on un.org
18 January 2018
Ankit Singh
Reported a CORS misconfiguration vulnerability on un.org
17 January 2018
Amir Naseem
Reported an XSS vulnerability on un.org
17 January 2018
Rounak Dhadiwal, HackersEra Cyber Security Consultancy Pvt.Ltd
Reported an XSS vulnerability on un.org
16 January 2018
Ali Tutuncu
Reported an XSS vulnerability on un.org
16 January 2018
Harsh Suratwala
Reported an XSS vulnerability on un.org
16 January 2018
Vikash Chaudhary, CEO & Founder at HackersEra Cyber Security Consultancy and Training PVT LTD
Reported an XSS vulnerability on un.org
15 January 2018
Renwa Hiwa (@RenwaX23)
Reported an XSS vulnerability on un.org
14 January 2018
Vikash Chaudhary, CEO & Founder at HackersEra Cyber Security Consultancy and Training PVT LTD
Reported an XSS vulnerability on un.org
13 January 2018
Taha Smily
Reported an Open URL Redirection vulnerability on un.org
12 January 2018
Nisheal A John
Reported an XSS vulnerability on un.org
12 January 2018
Nisheal A John
Reported a SQLi vulnerability on un.org
12 January 2018
Rashed Al Naamani (@0man_X_HaCker)
Reported an XSS vulnerability on un.org
9 January 2018
Aditya Jadhav (www.securecyberfuture.com)
Reported an XSS vulnerability on un.org
4 January 2018
Aditya Jadhav (www.securecyberfuture.com)
Reported a SQLi vulnerability on un.org
4 January 2018
Sajibe Kanti (@Sajibekantibd)
Reported a content injection vulnerability on un.org
2 January 2018
Max Derrick
Reported an XSS vulnerability on un.org
2 January 2018
Nick Kelley
Reported an XSS vulnerability on un.org
19 December 2017
Daniel Kelley
Reported a Path Disclosure vulnerability on un.org
19 December 2017
Steven Hampton (@keritzy)
Reported an XSS vulnerability on un.org
17 December 2017
Renwa (@RenwaX23)
Reported an XSS vulnerability on un.org
13 December 2017
Reported an XSS vulnerability on un.org
20 November 2017
Alvaro Muñoz (@pwntester)
Reported a .Net deserialisation vulnerability on tradestrategy.org
20 November 2017
Lewis (@LewisBugBounty)
Reported an XSS vulnerability on un.org
13 September 2017
SecuNinja
Reported an XSS vulnerability on unog.ch
11 September 2017
Lewis (@LewisBugBounty)
Reported an XSS vulnerability on un.org
12 August 2017
LewisWildgoose
Reported an XSS vulnerability on childrenandarmedconflict.un.org
17 July 2017
Remco Verhoef / DutchSec (twitter.com/remco_verhoef)
Reported a server misconfiguration
9 December 2016
United Nations Responsible Disclosure and Reporter Acknowledgment Policy
To improve the protection of its Information Communications Technology resources, the United Nations encourages the public to assist with its efforts by disclosing vulnerabilities in the United Nations’ publicly accessible information system. The manner by which such assistance may be made available to the United Nations is set forth below.
What to report to the United Nations
Security incidents and details of vulnerabilities associated with publicly accessible United Nations (UN) Information Communications Technology resources, including websites.
Vulnerability reporting policy:
The UN will accept disclosures of vulnerabilities under the following conditions:
- The vulnerability has not already been publicly disclosed.
- The vulnerability should be reported to the UN as quickly as possible after its discovery.
- The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was reported to the UN or until public disclosure of the vulnerability has been made on this website.
- The severity of a vulnerability finding is assessed by the UN at its own discretion.
- The name and contact information of the reporter may be disclosed to affected technology vendor(s) unless otherwise requested by the reporter.
The UN reserves the right to accept or reject any security vulnerability disclosure report at its discretion.
Individuals or entities who wish to report a security vulnerability should follow the procedures set forth below:
- The findings, including contact details, should be sent to infosec@un.org.
- The findings should be communicated using PGP encrypted messages using the public key (PGP Fingerprint: A001 EB04 2D38 7016 EEA8 CC54 798E 86D7 6B9A A810) available on this website.
- As much information as possible regarding the finding should be communicated to the UN to enable the Organization to reproduce and verify the vulnerability, in order to implement appropriate remediation actions.
- The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was reported to the UN or until public disclosure of the vulnerability has been made on this website.
If more information is required regarding a reported vulnerability, the UN may contact the reporter; therefore it is important to provide valid contact details, including email address and/or telephone number.
If the conditions listed above are satisfied, the UN will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.
Once the vulnerability has been removed, the reporter will be acknowledged unless he/she wishes to remain anonymous, and listed (at his or her own discretion) on this page with a short description of the vulnerability reported.
By reporting vulnerability findings to the UN, the reporter acknowledges that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither he/she nor any entity that he/she represents is complicit in human rights abuses, tolerates forced or compulsory labour or uses child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.