)
Information [/sites/default/files/pdfs/publication/vulnerability-reporting.pdf](
Download & print article PDF )
[/sites/default/files/pdfs/publication/vulnerability-reporting.pdf](
Download & print article PDF )

Vulnerability Reporting

How to report a vulnerability with a UK government online service.

Do you believe you have found a vulnerability with a UK government online service?

Please try to contact the owner first. If you cannot find a point of contact (or have had no response) then you can report the vulnerability to us.

[https://hackerone.com/2e6793b1-d580-4172-9ba3-04c98cdfb478/embedded_submissions/new](Report the vulnerability)

If the vulnerability relates to the Scottish Government, please report it here:

[https://www.gov.scot/publications/vulnerability-disclosure-policy/](Report the gov.scot vulnerability)

If you believe that you have spotted a vulnerability that is specifically on the NCSC web platform then you can report it below.

[https://hackerone.com/2bb1fbb9-ca3d-406d-a49a-4807fb73ffc1/embedded_submissions/new](Report an NCSC website vulnerability)

Vulnerability reporting guidelines

Please do not share the vulnerability information beyond the owner and us, without express consent from the owner
Vulnerabilities reported to the HackerOne platform can be submitted without the need to create a HackerOne account. However, if you wish to be updated you should create an account
To submit your report, you will need to agree to the [https://www.hackerone.com/terms/finder](HackerOne Terms and Conditions) and acknowledge that you have read their [https://www.hackerone.com/privacy](Privacy Policy) and [https://www.hackerone.com/disclosure-guidelines](Disclosure Guidelines)
Once you have submitted the report, it will be assessed by our triage team within five working days, and forwarded to the affected owners as soon as possible
The affected owner holds responsibility for resolving the issue.

Share and print this article

[/sites/default/files/pdfs/publication/vulnerability-reporting.pdf](
Download & print article PDF )
[/sites/default/files/pdfs/publication/vulnerability-reporting.pdf](
Download & print article PDF )

Share Share
Close share options
[http://www.facebook.com/share.php?u=https://www.ncsc.gov.uk/information/vulnerability-reporting](
Share onFacebook ) [https://www.linkedin.com/shareArticle?mini=true&url=https://www.ncsc.gov.uk/information/vulnerability-reporting&title=](
Share onLinkedIn ) [https://twitter.com/intent/tweet?text=&url=https://www.ncsc.gov.uk/information/vulnerability-reporting](
Share onX )
Copy Link

Published

Publish date

15 November 2018

Reviewed

7 November 2024

Written for

[/section/advice-guidance/large-organisations](Large organisations) [/section/advice-guidance/cyber-security-professionals](Cyber security professionals) [/section/advice-guidance/public-sector](Public sector)

Was this article helpful?

[/feedback-form/webform/nojs/ennerdale_webform/feedback_webform?page=/information/vulnerability-reporting&was_this_page_helpful=Yes]( Yes the article was helpful )
[/feedback-form/webform/nojs/ennerdale_webform/feedback_webform?page=/information/vulnerability-reporting&was_this_page_helpful=No]( No the article was not helpful )

Close Feedback Form

Back to top
Share
Close share options
[http://www.facebook.com/share.php?u=https://www.ncsc.gov.uk/information/vulnerability-reporting](
Share onFacebook ) [https://www.linkedin.com/shareArticle?mini=true&url=https://www.ncsc.gov.uk/information/vulnerability-reporting&title=](
Share onLinkedIn ) [https://twitter.com/intent/tweet?text=&url=https://www.ncsc.gov.uk/information/vulnerability-reporting](
Share onX )
Copy Link

Also see

[/news/exploitation-cisco-catalyst-sd-wans](
News

Publish date

25 Feb 2026

Exploitation of Cisco Catalyst SD-WAN

Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.

)
[/blog-post/improving-your-response-to-vulnerability-management](
Blog Post

Publish date

10 Feb 2026

Improving your response to vulnerability management

How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

)
[/news/confirmed-compromise-f5-network](
News

Publish date

15 Oct 2025

Confirmed compromise of F5 network

The NCSC is advising organisations to follow the guidance issued by F5 and to install the latest security updates.

)

Vulnerability Reporting

How to report a vulnerability with a UK government online service.

Do you believe you have found a vulnerability with a UK government online service?

Please try to contact the owner first. If you cannot find a point of contact (or have had no response) then you can report the vulnerability to us.

[https://hackerone.com/2e6793b1-d580-4172-9ba3-04c98cdfb478/embedded_submissions/new](Report the vulnerability)

If the vulnerability relates to the Scottish Government, please report it here:

[https://www.gov.scot/publications/vulnerability-disclosure-policy/](Report the gov.scot vulnerability)

If you believe that you have spotted a vulnerability that is specifically on the NCSC web platform then you can report it below.

[https://hackerone.com/2bb1fbb9-ca3d-406d-a49a-4807fb73ffc1/embedded_submissions/new](Report an NCSC website vulnerability)

Vulnerability reporting guidelines

Please do not share the vulnerability information beyond the owner and us, without express consent from the owner
Vulnerabilities reported to the HackerOne platform can be submitted without the need to create a HackerOne account. However, if you wish to be updated you should create an account
To submit your report, you will need to agree to the [https://www.hackerone.com/terms/finder](HackerOne Terms and Conditions) and acknowledge that you have read their [https://www.hackerone.com/privacy](Privacy Policy) and [https://www.hackerone.com/disclosure-guidelines](Disclosure Guidelines)
Once you have submitted the report, it will be assessed by our triage team within five working days, and forwarded to the affected owners as soon as possible
The affected owner holds responsibility for resolving the issue.

Share and print this article

[/sites/default/files/pdfs/publication/vulnerability-reporting.pdf](
Download & print article PDF )
[/sites/default/files/pdfs/publication/vulnerability-reporting.pdf](
Download & print article PDF )

Published

Publish date

15 November 2018

Reviewed

7 November 2024

Written for

Was this article helpful?

[/feedback-form/webform/nojs/ennerdale_webform/feedback_webform?page=/information/vulnerability-reporting&was_this_page_helpful=Yes]( Yes the article was helpful )
[/feedback-form/webform/nojs/ennerdale_webform/feedback_webform?page=/information/vulnerability-reporting&was_this_page_helpful=No]( No the article was not helpful )

Close Feedback Form

Also see

[/news/exploitation-cisco-catalyst-sd-wans](
News

Publish date

25 Feb 2026

Exploitation of Cisco Catalyst SD-WAN

Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.

)
[/blog-post/improving-your-response-to-vulnerability-management](
Blog Post

Publish date

10 Feb 2026

Improving your response to vulnerability management

How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

)
[/news/confirmed-compromise-f5-network](
News

Publish date

15 Oct 2025

Confirmed compromise of F5 network

The NCSC is advising organisations to follow the guidance issued by F5 and to install the latest security updates.

)

gchq.gov.uk

gchq.gov.uk

Details

Vulnerability Reporting

Vulnerability reporting guidelines

Share and print this article

Published

Publish date

Reviewed

Written for

Written for

Was this article helpful?

Also see

Publish date

Exploitation of Cisco Catalyst SD-WAN

Publish date

Improving your response to vulnerability management

Publish date

Confirmed compromise of F5 network

Vulnerability Reporting

Vulnerability reporting guidelines

Share and print this article

Published

Publish date

Reviewed

Written for

Written for

Was this article helpful?

Also see

Publish date

Exploitation of Cisco Catalyst SD-WAN

Publish date

Improving your response to vulnerability management

Publish date

Confirmed compromise of F5 network