) Information [/sites/default/files/pdfs/publication/vulnerability-reporting.pdf]( Download & print article PDF ) [/sites/default/files/pdfs/publication/vulnerability-reporting.pdf]( Download & print article PDF )

Vulnerability Reporting

How to report a vulnerability with a UK government online service.

Do you believe you have found a vulnerability with a UK government online service?

Please try to contact the owner first. If you cannot find a point of contact (or have had no response) then you can report the vulnerability to us.

[https://hackerone.com/2e6793b1-d580-4172-9ba3-04c98cdfb478/embedded_submissions/new](Report the vulnerability)

If the vulnerability relates to the Scottish Government, please report it here:

[https://www.gov.scot/publications/vulnerability-disclosure-policy/](Report the gov.scot vulnerability)

If you believe that you have spotted a vulnerability that is specifically on the NCSC web platform then you can report it below.

[https://hackerone.com/2bb1fbb9-ca3d-406d-a49a-4807fb73ffc1/embedded_submissions/new](Report an NCSC website vulnerability)

Vulnerability reporting guidelines

• Please do not share the vulnerability information beyond the owner and us, without express consent from the owner
• Vulnerabilities reported to the HackerOne platform can be submitted without the need to create a HackerOne account. However, if you wish to be updated you should create an account
• To submit your report, you will need to agree to the [https://www.hackerone.com/terms/finder](HackerOne Terms and Conditions) and acknowledge that you have read their [https://www.hackerone.com/privacy](Privacy Policy) and [https://www.hackerone.com/disclosure-guidelines](Disclosure Guidelines)
• Once you have submitted the report, it will be assessed by our triage team within five working days, and forwarded to the affected owners as soon as possible
• The affected owner holds responsibility for resolving the issue.

Share and print this article

[/sites/default/files/pdfs/publication/vulnerability-reporting.pdf]( Download & print article PDF ) [/sites/default/files/pdfs/publication/vulnerability-reporting.pdf]( Download & print article PDF )

Share Share Close share options [http://www.facebook.com/share.php?u=https://www.ncsc.gov.uk/information/vulnerability-reporting]( Share onFacebook ) [https://www.linkedin.com/shareArticle?mini=true&url=https://www.ncsc.gov.uk/information/vulnerability-reporting&title=]( Share onLinkedIn ) [https://twitter.com/intent/tweet?text=&url=https://www.ncsc.gov.uk/information/vulnerability-reporting]( Share onX ) Copy Link

Published

Publish date

15 November 2018

Reviewed

7 November 2024

Written for

Written for

[/section/advice-guidance/large-organisations](Large organisations) [/section/advice-guidance/cyber-security-professionals](Cyber security professionals) [/section/advice-guidance/public-sector](Public sector)

Was this article helpful?

• [/feedback-form/webform/nojs/ennerdale_webform/feedback_webform?page=/information/vulnerability-reporting&was_this_page_helpful=Yes]( Yes the article was helpful )
• [/feedback-form/webform/nojs/ennerdale_webform/feedback_webform?page=/information/vulnerability-reporting&was_this_page_helpful=No]( No the article was not helpful )

Close Feedback Form

Back to top Share Close share options [http://www.facebook.com/share.php?u=https://www.ncsc.gov.uk/information/vulnerability-reporting]( Share onFacebook ) [https://www.linkedin.com/shareArticle?mini=true&url=https://www.ncsc.gov.uk/information/vulnerability-reporting&title=]( Share onLinkedIn ) [https://twitter.com/intent/tweet?text=&url=https://www.ncsc.gov.uk/information/vulnerability-reporting]( Share onX ) Copy Link

Also see

[/news/exploitation-cisco-catalyst-sd-wans]( News

Publish date

25 Feb 2026

Exploitation of Cisco Catalyst SD-WAN

Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.

) [/blog-post/improving-your-response-to-vulnerability-management]( Blog Post

Publish date

10 Feb 2026

Improving your response to vulnerability management

How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

) [/news/confirmed-compromise-f5-network]( News

Publish date

15 Oct 2025

Confirmed compromise of F5 network

The NCSC is advising organisations to follow the guidance issued by F5 and to install the latest security updates.

)