# We would like to thank the following:
# [yyyy-mm-dd] Name -- description

[2023-06-12] D4rkrai - reported a refelected XSS vulnerability in a GOV.UK hosted site
[2023-06-07] Christophe Tafani-Dereeper -- reported a security misconfiguration in a GOV.UK AWS service
[2023-05-16] Rajesh Thapa -- potential takeover vulnerability within data.gov.uk prototype
[2023-04-11] Sanjok Karki(thesanjok) -- reported a Sensitive Information Disclosure vulnerability to Cabinet Office
[2023-02-03] Mitchell Robson -- reported a sub-domain takeover vulnerability for Cabinet Office services
[2022-12-01] Corrie Sloot -- found DNS misconfiguration for Government Communication Services
[2022-10-10] Ilie Alexandru -- reported a XSS vulnerability in a GOV.UK hosted site
[2022-10-05] Souvik Kandar -- found a security misconfiguration for the civil service learning platform
[2022-06-06] Tom Samson -- potential vulnerability to Log4j exploit in GOV.UK hosted application
[2022-06-06] Michael Minchinton -- cached URLs linking to sensitive files on a GOV.UK service
[2022-05-27] Ayush Juneja -- potential vulnerability with GOV.UK contact forms
[2022-01-17] Mohd.Danish Abid -- potential directory security misconfiguration on gdscareers.gov.uk
[2021-07-21] Artem Smotrakov -- potential timing attack on GOV.UK Pay Webhook signature checks
[2020-02-11] Jonathan Leitschuh -- potential MITM using HTTP to resolve some GOV.UK Pay Maven dependencies