# We would like to thank the following: # [yyyy-mm-dd] Name -- description [2023-06-12] D4rkrai - reported a refelected XSS vulnerability in a GOV.UK hosted site [2023-06-07] Christophe Tafani-Dereeper -- reported a security misconfiguration in a GOV.UK AWS service [2023-05-16] Rajesh Thapa -- potential takeover vulnerability within data.gov.uk prototype [2023-04-11] Sanjok Karki(thesanjok) -- reported a Sensitive Information Disclosure vulnerability to Cabinet Office [2023-02-03] Mitchell Robson -- reported a sub-domain takeover vulnerability for Cabinet Office services [2022-12-01] Corrie Sloot -- found DNS misconfiguration for Government Communication Services [2022-10-10] Ilie Alexandru -- reported a XSS vulnerability in a GOV.UK hosted site [2022-10-05] Souvik Kandar -- found a security misconfiguration for the civil service learning platform [2022-06-06] Tom Samson -- potential vulnerability to Log4j exploit in GOV.UK hosted application [2022-06-06] Michael Minchinton -- cached URLs linking to sensitive files on a GOV.UK service [2022-05-27] Ayush Juneja -- potential vulnerability with GOV.UK contact forms [2022-01-17] Mohd.Danish Abid -- potential directory security misconfiguration on gdscareers.gov.uk [2021-07-21] Artem Smotrakov -- potential timing attack on GOV.UK Pay Webhook signature checks [2020-02-11] Jonathan Leitschuh -- potential MITM using HTTP to resolve some GOV.UK Pay Maven dependencies