Welcome to the United Nations
  1. Home
  2. Hall of Fame

Hall of Fame

To improve the protection of its Information Communications Technology resources, the United Nations encourages the public to assist with its efforts by disclosing vulnerabilities in the United Nations’ publicly accessible information system.
Following are individuals and organizations that helped the United Nations in improving the security of the Organization's systems, data, and ICT resources by reporting security issues and vulnerabilities discovered.

Following are individuals and organizations that helped the United Nations in improving the security of the Organization's systems, data, and ICT resources by reporting security issues and vulnerabilities discovered. 

United Nations Information Security Hall of Fame

 

Jebarson Immanuel

Reported security misconfiguration on un.org
5 February 2021

Dhruv Pindawala

Reported security misconfiguration on un.org
5 February 2021

Dhruv Pindawala

Reported directory listing vulnerability on un-rok.org
5 February 2021

Dhruv Pindawala

Reported security misconfiguration on un-csam.org
3 February 2021

Nawaf Majid Almutairi

Reported XSS vulnerability on unov.org
3 February 2021

Tony Marcel Nasr

Reported security misconfiguration on unfccc.int
2 February 2021

Sushant Kamble
Reported XSS vulnerability on un.org
31 January 2021

MUKHTAR SERIKBAYEV

Reported XSS vulnerability on un.org
29 January 2021

Santosh Bobade (@Santosh88267387)

Reported Sensitive Data Exposure on unog.ch
25 January 2021

Viktor Markopoulos

Reported security misconfiguration vulnerability on un.org
24 January 2021

Jadek Mark (@mase289)

Reported broken authentication vulnerability on un.org
22 January 2021

Sujay Gaonkar

Reported a security misconfiguration vulnerability on unsceb.org
21 January 2021

Magrabur Alam Sofily

Reported a security misconfiguration vulnerability on unep.org
20 January 2021

Krishnendu Bhowmick

Reported a XSS vulnerability on unodc.org
19 January 2021

Akash.H.C

Reported a security misconfiguration vulnerability on unodc.org
16 January 2021

Jackson Henry

Reported XSS vulnerability on unesco.org
13 January 2021

Takshal Patel(tojojo)

Reported XSS vulnerability on unesco.org
13 January 2021

Jackson Henry, John Jackson, Aubrey Cottle, Nick Sahler

Reported server-side misconfigurations on unep.org
4 January 2021

Aakash Madaan (Godsky)

Reported XSS vulnerability on unodc.org
2 January 2021

Adrián Pedrazzoli

Reported XSS vulnerability on un.org
30 December 2020

Leo Waweru

Reported Sensitive Data Exposure on unep.org
29 December 2020

Jadek Mark (@mase289)

Reported broken access control on un.org
29 December 2020

Usama Arshad

Reported SDE/XSS vulnerability on unep.org
23 December 2020

Cankat Çakmak

Reported a security misconfiguration vulnerability on un.org
14 December 2020

Rawezh Ali

Reported a XSS vulnerability on unesco.org
15 December 2020

Renganathan

Reported a security misconfiguration on un.org
4 December 2020

Vikas Srivastava, INDIA

Reported a security misconfiguration on un.org
24 November 2020

Bhagavan Bollina

Reported CORS misconfiguration on un.org
8 November 2020

Wesley Santos (@dk4trin)

Reported a security misconfiguration on uneca.org
6 November 2020

Tayfun Akyıldız

Reported security misconfiguration vulnerability on un.org
27 October 2020

Niraj Gautam

Reported a Security Misconfiguration on un.org
24 October 2020

Vyshnav Roop ck

Reported a Security Misconfiguration on un.org
21 October 2020

Oussama Kasmi

Reported security misconfiguration on uneca.org
13 October 2020

Yosri Debaibi

Reported RCE vulnerability on un.org
7 October 2020

Pritam Dash

Reported CORS misconfiguration on unesco.org
6 October 2020

Pritam Dash

Reported server misconfiguration vulnerability on un.org
5 October 2020

Yosri Debaibi

Reported XSS vulnerability on un.org
5 October 2020

Mostafa Ashour - Qena

Reported XSS vulnerability on un.org
1 October 2020

Ahmad A Abdulla

Reported a security misconfiguration on un.org
30 September 2020

Ahmad A Abdulla

Reported XSS vulnerability on un.org
30 September 2020

INDIRA SABEESH

Reported security misconfiguration on un.org
26 September 2020

Jackson Henry

Reported SDE vulnerability on un.org
24 September 2020

Tayfun Akyıldız

Reported XSS vulnerability on un.org
12 September 2020

Muhammmad Usman Nasir

Reported multiple XSS vulnerabilities on unfccc.int
5 September 2020

Tayfun Akyıldız

Reported multiple XSS vulnerabilities on un.org
3 September 2020

Amiya Behera

Reported CORS misconfiguration vulnerability on un.org
18 August 2020

Prince Prafull

Reported CORS vulnerability on un.org
18 August 2020

Mostafa Ashour

Reported a XSS un.org
14 August 2020

Rutvik Jaini

Reported security misconfiguration vulnerability on un.org
11 August 2020

Vishwas Reddy

Reported clickjacking vulnerability on un.org
29 July 2020

Muhamamd Julfikar Hyder

Reported server misconfiguration vulnerability on un.org
23 July 2020

Nguyen Anh Tuan – nhiephon

Reported security misconfiguration on unog.ch
6 July 2020

Marius Avram

Reported XSS vulnerability on www.un.org
6 July 2020

nhiephon

Reported Security Configuration vulnerability on www.unog.org
6 July 2020

Pankaj Kumar Thakur

Reported directory traversal on un.org
28 June 2020

Pranav Gajjar

Reported multiple clickjacking vulnerabilities on un.org
27 June 2020

Abdelrahman Hosny

Reported SDE vulnerability on un.org
25 June 2020

Kareem Selim

Reported broken authentication vulnerability on un.org
25 June 2020

Sourajet Majumder

Reported clickjacking vulnerability on un.org
24 June 2020

Karande Pooja

Reported XSS vulnerability on un.org
24 June 2020

Shivang Trivedi

Reported Security Misconfiguration on un.org
23 June 2020

Abinesh Kamal K U 

Reported directory listing vulnerability on unescap.org
18 June 2020

CH MVN SAI TEJA PRASHANTH 

Reported SDE vulnerability on un.org
17 June 2020

Kamran Saifullah

Reported security misconfiguration and SDE vulnerability on unep.org
2 June 2020

Harsh Ankita Khushaan Joshi

Reported security misconfiguration on unesco.org
22 May 2020

SecurityMate (@securitymate)

Reported a security misconfiguration on un.org
13 May 2020

Mehmet Can Güneş

Reported security misconfiguration on un.org
29 May 2020

Ansil Shah

Reported security misconfiguration on un.org
14 May 2020

Shashwat

Reported an XSS vulnerability on un.org
11 May 2020

Hüsnü Doğmaz.

Reported an XSS vulnerability on on unesco.org
11 May 2020

Ajaysen R

Reported a server misconfiguration vulnerability on unescap.org
5 May 2020

Pierre Louvet

Reported a security misconfiguration on un.int
30 April 2020

Miguel Santareno

Reported server misconfiguration on un.org
29 April 2020

Mohamad Talaat

Reported a SDE vulnerability on un.org
28 April 2020

Dan Nicole Lyton Fonte (danlyt74@gmail.com)

Reported a SQLi vulnerability on unesco.org
28 April 2020

Aakash Adhikari (@dark_haxor)

Reported a security misconfiguration on unon.org
26 April 2020

Khaled Ben Ali

Reported a security misconfiguration on unesco.org
20 April 2020

Nam HaBach

Reported a SQLi vulnerability on un.org
20 April 2020

Syed UmairUddin Nehri

Reported a server misconfiguration vulnerability on un.org
20 April 2020

Goutham Madhwaraj K B

Reported a security misconfiguration on un.org
14 March 2020

Halil AHMAD (@Halilahmadd, turkhackteam.org )

Reported an XSS vulnerability on unesco.org
28 February 2020

Kasper Karlsson

Reported a XSS vulnerability on unesco.org
27 February 2020

Kasper Karlsson

Reported a XSS and SQLi vulnerability on ohchr.org
27 February 2020

Chi Tran

Reported XSS and Open Redirect vulnerabilities on www.unescap.org
24 February 2020

Pankaj Kumar Thakur

Reported a security misconfiguration vulnerability on un.org
20 February 2020

Jenisha Vaidya

Reported a clickjacking vulnerability on un.org
17 February 2020

Jenisha Vaidya

Reported a clickjacking vulnerability on un.org
16 February 2020

Sagar Banwa

Reported a Security Misconfiguration on unon.org
14 February 2020

Kasper Karlsson

Reported a SQLi and XSS Vulnerability on un.org
7 February 2020

Neha Pandey

Reported an XSS Vulnerability on un.org
4 February 2020

Neha Pandey

Reported an XSS Vulnerability on un.org
4 February 2020

Shardul Sunil Borkar

Reported an XSS vulnerability on ilo.org
4 February 2020

Shardul Sunil Borkar

Reported a server misconfiguration on ilo.org
2 February 2020

Ketan Madhukar Mukane

Reported a security misconfiguration vulnerability on un.org
27 January 2020

Chirag Santosh Samant

Reported an XSS vulnerability on un.org
26 January 2020

Sagar Banwa

Reported XSS vulnerability on un.org
18 January 2020

Nathan Hrncirik

Reported a SQLi vulnerability on un.org
17 January 2020

Gaurav Solanki (@heydarklord)

Reported a Security Misconfiguration on un.org
13 Jan 2020

Pankaj Kumar Thakur (@Nep_1337_1998)

Reported a security misconfiguration on un.org
9 January 2020

Nick Mitropoulos

Reported a server misconfiguration vulnerability on un.org
7 Jan 2020

Blindu Eusebiu

Reported server misconfiguration vulnerablity on un.org
4 January 2020

Raphael Karger

Reported sensitive data exposure on un.org
23 December 2019

Janmejaya Swain

Reported a security misconfiguration vulnerability on un.org
23 December 2019

Raphael Karger

Reported an XSS vulnerability on unog.ch
22 December 2019

Jeetu Rajput

Reported a security misconfiguration on un.org
19 December 2019

Sohail Shaikh (ROOTxDEAD)

Reported multiple XSS vulnerabilities on un.org
12 December 2019

Avishek Nayal (Khanna Security Solution)

Reported XSS vulnerability on un.org
7 December 2019

Ambadi M.P

Reported a security misconfiguration vulnerability on un.org
1 December 2019

Rahul M.

Reported poodle vulnerability on un.org
1 December 2019

Namrata Arvikar

Reported an XSS vulnerability on un.org
26 November 2019

Alex Chepovetsky

Reported a security misconfiguration on un.org
20 November 2019

Rohit Kumar

Reported a security misconfiguration on un.org
18 November 2019

Bolli Durga Bhagavan

Reported a security misconfiguration on un.org
8 November 2019

Mohamed Yousef 

Reported an XSS vulnerability on un.org
31 October 2019

Asif Hossain (@ultimate1337)

Reported a sever misconfiguration on un.org
22 October 2019

Athul Jayaram

Reported security misconfiguration on unesco.org
18 October 2019

Abhishek Kumar Tiwari

Reported a directory listing vulnerability on un.org
6 October 2019

Alfie Njeru of Salaam Technology Limited (@emenalf)

Reported SDE/XSS vulnerability on ilo.org
2 October 2019

Mindset Software Technologies

Reported an XSS vulnerability on unesco.org
22 August 2019

Mayank - BIT Mesra

Reported a server misconfiguration on un.org
16 August 2019

Rbcafe

Reported an XSS vulnerability on un.org
15 August 2019

Ronak Nahar

Reported a server misconfiguration on un.org
14 August 2019

Muhammed Bilal Kan

Reported security misconfiguration vulnerability on un.org
13 August 2019

Fredrik Nordberg Almroth

Reported a server misconfiguration on un.org
8 August 2019

Lutfu Mert Ceylan

Reported multiple XSS vulnerabilities on un.org
15 July 2019

Romesh Chander

Reported a server misconfiguration on unesco.org
8 July 2019

Muhammed Bilal Kan

Reported security misconfiguration on un.org
5 July 2019

Pankaj Kumar Thakur (@Nep_1337_1998)

Reported a server misconfiguration on unsceb.org
5 July 2019

Lutfu Mert Ceylan

Reported content injection vulnerability on un.org
30 June 2019

Saraunsh Shewale

Reported a security misconfiguration on un.org
24 June 2019

Mayur Parmar (th3cyb3rc0p)

Reported an XSS vulnerability on un.org
13 June 2019

Hamed Izadi

Reported a server misconfiguration on un.org
3 June 2019

Arman Sameer

Reported an XSS vulnerability on un.org
26 May 2019

Mustafa (@c0braBaghdad1)

Reported a poodle vulnerability on un.org
23 May 2019

Riddhi Chandorkar

Reported an XSS vulnerability on un.org
13 May 2019

Pankaj Thakur (@Nep_1337_1998)

Reported a security misconfiguration vulnerability on un.org
10 May 2019

Hosein Askari

Reported a security misconfiguration on un.org
23 April 2019

Rayen Messaoudi

Reported a security misconfiguration on unog.ch
21 April 2019

Abhinav Singh (@abhinavbom)

Reported a CORS misconfiguration vulnerability on un.org
19 April 2019

Shivam Khambe

Reported a server misconfiguration on unsceb.org
17 April 2019

Sahad Bnu Abid Thangal

Reported an open redirect vulnerability on un.org
26 March 2019

Damini Soni

Reported a security misconfiguration on un.org
22 March 2019

Arpit Jain

Reported a content injection vulnerability on un.org
15 March 2019

Aleem Ladha

Reported a sensitive data exposure on un.org
14 March 2019

Wai Yan Aung

Reported multiple XSS vulnerabilities on un.org
14 March 2019

Safwat Refaat

Reported a security misconfiguration vulnerability on un.org
12 March 2019

Wai Yan Aung

Reported a SQLi vulnerability on un.org
12 March 2019

Wai Yan Aung

Reported an XSS vulnerability on un.org
12 March 2019

Wai Yan Aung

Reported an XSS vulnerability on un.org
8 March 2019

Pethuraj M

Reported an XSS vulnerability on un.org
4 March 2019

Hoang Quoc Thinh (@g4mm4 of CyberJutsu.IO)

Reported a security misconfiguration on un.org
18 February 2019

Irfan Sayed

Reported a server misconfiguration on unsceb.org
9 February 2019

Farah Mehboob (@MehboobFarah)

Reported security misconfiguration vulnerability on un.org

7 February 2019

Sachin Sharma

Reported A security misconfiguration on un.org
28 January 2019

Amin Achour

Reported an XSS vulnerability on un.org
26 January 2019

Viren Yadav

Reported a security misconfiguration on un.org
26 January 2019

Pranav Jagtap

Reported a SQLi vulnerability on un.org
23 January 2019

Kiran Karnad

Reported an XSS vulnerability on un.org
19 January 2019

Vismit Sudhir Rakhecha(Druk) (@rvismit)

Reported a security misconfiguration on un.org
13 January 2019

OZAN AĞDEPE

Reported a security misconfiguration on un.org
12 January 2019

Meridian Miftari

Reported a SQLi vulnerability on un.org
4 January 2019

Mrunal Chawda

Reported a security misconfiguration on un.org
1 January 2019

AAB College - Kosovo CS Group

Reported an XSS vulnerability on un.org
31 December 2018

KARTHIK

Reported a server misconfiguration vulnerability on un.org
22 December 2018

MyoKo (@nutronex)

Reported a server misconfiguration vulnerability on un.org
19 December 2018

Lacroute Serge (@fakessh)

Reported an XSS/server misconfiguration on un.org
16 December 2018

Hrishikesh Panse

Reported an XSS vulnerability on un.org
28 November 2018

Aagam Shah

Reported a server misconfiguration on un.org
24 November 2018

Mohammed Adam

Reported a server misconfiguration on unsceb.org
23 November 2018

S.P. Vasantha Kumar

Reported multiple XSS vulnerabilities on un.org
22 November 2018

Niraj Gautam

Reported an XSS vulnerability on un.org
5 November 2018

Rhishikesh M V

Reported an XSS vulnerability on un.org
2 November 2018

Luca Consolati (@xlocux)

Reported a SQLi vulnerability on un.org
24 October 2018

Umesh Jore

Reported an XST vulnerability on un.org
23 Oct 2018

B.Dhiyaneshwaran

Reported a server misconfiguration on un.org
21 October 2018

Salman Sajid Khan

Reported a server misconfiguration on unsceb.org
18 October 2018

0xMitsurugi (@0xMitsurugi)

Reported a security misconfiguration on un.org
25 October 2018

Dzianis Skliar

Reported a directory listing vulnerability un.org
5 October 2018

Sudhanshu Rajbhar

Reported an XSS vulnerability on un.org
22 September 2018

Miguel Quiñonez Meza (@Y4r4G)

Reported an XSS vulnerability on un.org
21 September 2018

Mayur Gupta

Reported a server misconfiguration on unsceb.org
21 September 2018

Abhishek Misal

Reported a server misconfiguration on un.org
15 September 2018

Avinash Jain (@logicbomb_1)

Reported a server misconfiguration vulnerability un.org
9 September 2018

Kerem Tamci

Reported a SQLi vulnerability on un.org
4 September 2018

Shivam Krishan Sharma

Reported a CORS misconfiguration vulnerability on un.org
3 September 2018

Gaurav Kumar

Reported an XSS vulnerability on un.org
1 September 2018

Paweł Hałdrzyński

Reported an open redirect vulnerability on un.org
30 August 2018

Rabsun Sarkar

Reported a clickjacking vulnerability on un.org
13 August 2018

Boutine Adel

Reported an XSS vulnerability on un.org
30 July 2018

KARTHIK

Reported a server misconfiguration vulnerability on un.org
30 July 2018

Rabsun Sarkar

Reported a directory listing vulnerability on un.org
29 July 2018

SI9INT Website (https://si9int.sh)

Reported an XSS vulnerability on un.org
26 July 2018

Gh05tPT

Reported an XSS vulnerability on un.org
20 July 2018

Ismail Tasdelen

Reported a directory traversal vulnerability on un.org
18 July 2018

Boutine Adel

Reported an XSS vulnerability on un.org
16 July 2018

Jainendra Jain

Reported a SQLi vulnerability on un.org
4 July 2018

Akash Upadhayay

Reported an XSS vulnerability on un.org
9 June 2018

Arvind Mudaliyar

Reported an XSS vulnerability on un.org
18 May 2018

Yann CAM

Reported an XSS vulnerability on un.org
25 April 2018

Safak Aslan

Reported an XSS vulnerability on un.org
9 April 2018

Jayesh Patel

Reported an HTML injection vulnerability on un.org
7 April 2018

Ismail Tasdelen

Reported a Directory Listing vulnerability on un.org
3 April 2018

Safak Aslan 

Reported a server misconfiguration on un.org
26 March 2018

Danish Tariq and Ali Hassan Ghauri (www.danalweb.com)

Reported a clickjacking vulnerability on un.org
23 March 2018

Chirag Gupta

Reported an XSS vulnerability on unesco.org
22 March 2018

Sumit Sahoo

Reported a server misconfiguration on un.org
22 March 2018

Safak Aslan

Reported an XSS vulnerability on un.org
19 March April 2018

Russel Rodrigues

Reported a server misconfiguration on un.org
5 March 2018

Florian Kunushevci

Reported a server misconfiguration on un.org
5 March 2018

Mitesh Patil

Reported a CORS misconfiguration vulnerability on un.org
2 March 2018

Mitesh Patil

Reported a CORS misconfiguration on un.org
2 March 2018

Akash Labade

Reported a Poodle vulnerability on un.org
2 March 2018

Akash Labade

Reported a Poodle vulnerability on un.org
2 March 2018

Juba Baghdad (@JubaBaghdad)

Reported a path disclosure vulnerability on un.org
2 March 2018

Sanyam Chawla (Infosecsanyam)

Reported a path disclosure vulnerability on un.org
28 Feburary 2018

Danish Tariq

Reported a Clickjacking vulnerability on un.org
27 February 2018

Frank Vickers

Reported a path disclosure vulnerability on un.org
27 February 2018

Jose Carlos Exposito Bueno

Reported a SQLi vulnerability on un.org
26 February 2018

Remesh Ramachandran

Reported a Directory Listing vulnerability on un.org
25 February 2018

Aditya Dixit

Reported a server misconfiguration on un.org
25 February 2018

Geethu Sivakumar PaceHitech

Reported a SQLi vulnerability on un.org
25 February 2018

Mitesh Patil

Reported a CORS misconfiguration vulnerability on un.org
23 February 2018

Saurabh Gurgule

Reported a CORS misconfiguration vulnerability on un.org
23 February 2018

Kshitij Khakurdikar

Reported a SQLi vulnerability on un.org
22 February 2018

Ismail Tasdelen

Reported a file disclosure vulnerability on un.org
15 February 2018

Murtada Kamil

Reported a SQLi vulnerability on un.org
13 February 2018

Jose Carlos Exposito Bueno

Reported an XSS vulnerability on un.org
3 February 2018

Vitthal Shinde

Reported CORS misconfiguration vulnerability on un.org
1 February 2018

Taha Smily (@TahakhanTaha)

Reported an XSS vulnerability on un.org
1 February 2018

Vicky Smart

Reported a CORS misconfiguration vulnerability on un.org
29 January 2018

Wen Bin Kong

Reported an XSS vulnerability on un.org
28 January 2018

Thrivikram Gujarathi

Reported a CORS misconfiguration vulnerability on un.org
26 January 2018

Pranav Jagtap

Reported a SQLI vulnerability on un.org
23 January 2018

Ravi Xander

Reported an XSS vulnerability on unog.ch
23 January 2018

Ronnie T Baby

Reported an XSS vulnerability on un.org
22 January 2018

Youssef A. Mohamed

Reported a path disclosure vulnerability on un.org
22 January 2018

MyGf (TurkHackTeam.org, @tht_mygf)

Reported an XSS vulnerability on un.org
22 January 2018

Adesh Nandkishor Kolte

Reported an input sanitization error on un.org
22 January 2018

Pal Patel

Reported a content injection vulnerability on un.org
21 January 2018

Ashutosh Barot

Reported a content injection and a server misconfiguration on un.org
21 January 2018

Mahesh Raykar

Reported an XSS vulnerability on un.org
19 January 2018

Vaibhav Gaikwad

Reported a SQLi vulnerability on un.org
19 January 2018

Mahesh Raykar

Reported an XSS vulnerability on un.org
19 January 2018

Shubham Maheshwari

Reported an XSS vulnerability on un.org
19 January 2018

Mayank Garg

Reported a SQLi vulnerability on un.org
18 January 2018

Tansel ÇETİN

Reported an HTML injection vulnerability on un.org
18 January 2018

Ferdi Bak (@iosFerdi)

Reported an XSS vulnerability on unog.ch
18 January 2018

Naina Usman

Reported an XSS vulnerability on un.org
18 January 2018

Ankit Singh

Reported a CORS misconfiguration vulnerability on un.org
17 January 2018

Amir Naseem

Reported an XSS vulnerability on un.org
17 January 2018

Rounak Dhadiwal, HackersEra Cyber Security Consultancy Pvt.Ltd

Reported an XSS vulnerability on un.org
16 January 2018

Ali Tutuncu

Reported an XSS vulnerability on un.org
16 January 2018

Harsh Suratwala

Reported an XSS vulnerability on un.org
16 January 2018

Vikash Chaudhary, CEO & Founder at HackersEra Cyber Security Consultancy and Training PVT LTD

Reported an XSS vulnerability on un.org
15 January 2018

Renwa Hiwa (@RenwaX23)

Reported an XSS vulnerability on un.org
14 January 2018

Vikash Chaudhary, CEO & Founder at HackersEra Cyber Security Consultancy and Training PVT LTD

Reported  an XSS vulnerability on un.org
13 January 2018

Taha Smily

Reported an Open URL Redirection vulnerability on un.org
12 January 2018

Nisheal A John

Reported an XSS vulnerability on un.org
12 January 2018

Nisheal A John

Reported a SQLi vulnerability on un.org
12 January 2018

Rashed Al Naamani (@0man_X_HaCker)

Reported an XSS vulnerability on un.org
9 January 2018

Aditya Jadhav  (www.securecyberfuture.com)

Reported an XSS vulnerability on un.org
4 January 2018

Aditya Jadhav (www.securecyberfuture.com)

Reported a SQLi vulnerability on un.org
4 January 2018

Sajibe Kanti (@Sajibekantibd)

Reported a content injection vulnerability on un.org
2 January 2018

Max Derrick

Reported an XSS vulnerability on un.org
2 January 2018

Nick Kelley

Reported an XSS vulnerability on un.org
19 December 2017

Daniel Kelley

Reported a Path Disclosure vulnerability on un.org
19 December 2017

Steven Hampton (@keritzy)

Reported an XSS vulnerability on un.org
17 December 2017

Renwa (@RenwaX23)

Reported an XSS vulnerability on un.org
13 December 2017

Takashi Suzuki 

Reported an XSS vulnerability on un.org
20 November 2017

Alvaro Muñoz (@pwntester)

Reported a .Net deserialisation vulnerability on tradestrategy.org
20 November 2017

Lewis (@LewisBugBounty)

Reported an XSS vulnerability on un.org
13 September 2017

SecuNinja

Reported an XSS vulnerability on unog.ch
11 September 2017

Lewis (@LewisBugBounty)

Reported an XSS vulnerability on un.org
12 August 2017

LewisWildgoose

Reported an XSS vulnerability on childrenandarmedconflict.un.org
17 July 2017

Remco Verhoef / DutchSec (twitter.com/remco_verhoef)

Reported a server misconfiguration
9 December 2016

United Nations Responsible Disclosure and Reporter Acknowledgment Policy

To improve the protection of its Information Communications Technology resources, the United Nations encourages the public to assist with its efforts by disclosing vulnerabilities in the United Nations’ publicly accessible information system. The manner by which such assistance may be made available to the United Nations is set forth below.

What to report to the United Nations

Security incidents and details of vulnerabilities associated with publically accessible United Nations (UN) Information Communications Technology resources, including websites.

Vulnerability reporting policy:

The UN will accept disclosures of vulnerabilities under the following conditions:

  1. The vulnerability has not already been publically disclosed.
  2. The vulnerability should be reported to the UN as quickly as possible after its discovery.
  3. The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was reported to the UN or until public disclosure of the vulnerability has been made on this website.
  4. The severity of a vulnerability finding is assessed by the UN at its own discretion.
  5. The name and contact information of the reporter may be disclosed to affected technology vendor(s) unless otherwise requested by the reporter.

The UN reserves the right to accept or reject any security vulnerability disclosure report at its discretion.

Individuals or entities who wish to report security vulnerability should follow the procedures set forth below:

  • The findings, including contact details, should be sent to infosec@un.org.
  • The findings should be communicated using PGP encrypted messages using the public key (PGP Fingerprint: A001 EB04 2D38 7016 EEA8 CC54 798E 86D7 6B9A A810) available on this website.
  • As much information as possible regarding the finding should be communicated to the UN to enable the Organization to reproduce and verify the vulnerability, in order to implement appropriate remediation actions.
  • The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was reported to the UN or until public disclosure of the vulnerability has been made on this website.

If more information is required regarding a reported vulnerability, the UN may contact the reporter; therefore it is important to provide valid contact details, including email address and/or telephone number.

If the conditions listed above are satisfied, the UN will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.

Once the vulnerability has been removed, the reporter will be acknowledged unless he/she wishes to remain anonymous, and listed (at his or her own discretion) on this page with a short description of the vulnerability reported.

By reporting vulnerability findings to the UN, the reporter acknowledges that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither he/she nor any entity that he/she represents is complicit in human rights abuses, tolerates forced or compulsory labour or use child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.