---
layout: markdown_page
title: Security Researcher Acknowledgments
---
To report an issue please read our [responsible disclosure policy](/security/disclosure/).
GitLab would like to thank the following individuals and organizations who have
made GitLab safer by responsibly disclosing security issues.
## 2018 and later
Please see our [HackerOne program](https://hackerone.com/gitlab) and the [Hacktivity of that program](https://hackerone.com/gitlab/hacktivity)
## 2017
- [Jason Ritzke](https://twitter.com/rtzq0)
- [#26411](https://gitlab.com/gitlab-org/gitlab-ce/issues/26411)
- [Jobert Abma](https://twitter.com/jobertabma) - [HackerOne](https://hackerone.com/jobert)
- [#26242](https://gitlab.com/gitlab-org/gitlab-ce/issues/26242)
- [#26243](https://gitlab.com/gitlab-org/gitlab-ce/issues/26243)
- [#26249](https://gitlab.com/gitlab-org/gitlab-ce/issues/26249)
- [#26250](https://gitlab.com/gitlab-org/gitlab-ce/issues/26250)
- [#30527](https://gitlab.com/gitlab-org/gitlab-ce/issues/30527)
- [#29652](https://gitlab.com/gitlab-org/gitlab-ce/issues/29652)
- [Yasin Soliman](https://twitter.com/SecurityYasin)
- [#27153](https://gitlab.com/gitlab-org/gitlab-ce/issues/27153)
- [#29875](https://gitlab.com/gitlab-org/gitlab-ce/issues/29875)
- [#29651](https://gitlab.com/gitlab-org/gitlab-ce/issues/29651)
- [#38272](https://gitlab.com/gitlab-org/gitlab-ce/issues/38272)
- [NETTAR Adel](https://hackerone.com/nettar)
- [#27471](https://gitlab.com/gitlab-org/gitlab-ce/issues/27471)
- [Strukt](https://hackerone.com/strukt)
- [#17286](https://gitlab.com/gitlab-org/gitlab-ce/issues/17286)
- [edio](https://twitter.com/EdOverflow)
- [#29081](https://gitlab.com/gitlab-org/gitlab-ce/issues/29081)
- [#29374](https://gitlab.com/gitlab-org/gitlab-ce/issues/29374)
- [#29413](https://gitlab.com/gitlab-org/gitlab-ce/issues/29413)
- [#30250](https://gitlab.com/gitlab-org/gitlab-ce/issues/30250)
- [#33310](https://gitlab.com/gitlab-org/gitlab-ce/issues/33310)
- [Chalker](https://github.com/ChALkeR/)
- [#30125](https://gitlab.com/gitlab-org/gitlab-ce/issues/30125)
- [Timo Schmid](https://www.ernw.de/)
- [#29363](https://gitlab.com/gitlab-org/gitlab-ce/issues/29363)
- [#29364](https://gitlab.com/gitlab-org/gitlab-ce/issues/29364)
- [#28325](https://gitlab.com/gitlab-org/gitlab-ce/issues/28325)
- [Eaden McKee](https://twitter.com/eadz)
- [#29651](https://gitlab.com/gitlab-org/gitlab-ce/issues/29651)
- [Evelyn Lee](https://hackerone.com/evelynleems)
- [#31842](https://gitlab.com/gitlab-org/gitlab-ce/issues/31842)
- [Peter Lloyd](http://www.cambridgeconsultants.com/)
- [#2905](https://gitlab.com/gitlab-org/gitlab-ee/issues/2905)
- [Lukas Svoboda](https://github.com/lksv)
- [#24570](https://gitlab.com/gitlab-org/gitlab-ce/issues/24570)
- [Joern Schneeweisz](http://twitter.com/joernchen) of [Recurity-Labs](http://www.recurity-labs.com/)
- [#35212](https://gitlab.com/gitlab-org/gitlab-ce/issues/35212)
- [#36091](https://gitlab.com/gitlab-org/gitlab-ce/issues/36091)
- [Tim Goddard](https://www.insomniasec.com/)
- [#31508](https://gitlab.com/gitlab-org/gitlab-ce/issues/31508)
- [Naure](https://twitter.com/aurelcode)
- [#31045](https://gitlab.com/gitlab-org/gitlab-ce/issues/31045)
- [Ryan Pearl](https://hackerone.com/rpearl) of [KarmicLabs](https://karmiclabs.com/)
- [#37946](https://gitlab.com/gitlab-org/gitlab-ce/issues/37946)
- [Vishwaraj](https://twitter.com/vishwaraj101)
- [#13482](https://gitlab.com/gitlab-org/gitlab-ce/issues/13482)
- [Josh Unger](https://gitlab.com/joshunger)
- [#38267](https://gitlab.com/gitlab-org/gitlab-ce/issues/38267)
- [Eric Rafaloff](https://ericrafaloff.com/)
- [#37715](https://gitlab.com/gitlab-org/gitlab-ce/issues/37715)
- [Zimmer](https://twitter.com/TEAM_P_TE)
- [#34259](https://gitlab.com/gitlab-org/gitlab-ce/issues/34259)
- [Corb3nik](https://twitter.com/corb3nik)
- [#29655](https://gitlab.com/gitlab-org/gitlab-ce/issues/29655)
- [Victor Häggqvist](https://victorhaggqvist.com)
- [#32059](https://gitlab.com/gitlab-org/gitlab-ce/issues/32059)
- [Matthias Burtscher](https://gitlab.com/mburtscher)
- [#36679](https://gitlab.com/gitlab-org/gitlab-ce/issues/36679)
- [Hugo Geoffroy](https://gitlab.com/pstch)
- [#34910](https://gitlab.com/gitlab-org/gitlab-ce/issues/34910)
- [Sylvain Heiniger](https://compass-security.com/)
- [#40706](https://gitlab.com/gitlab-org/gitlab-ce/issues/40706)
- [Mohammad Hasbini](https://gitlab.com/0xbsec)
- [#30663](https://gitlab.com/gitlab-org/gitlab-ce/issues/30663)
## 2016
- Hussain Adnan Hashim - [@Hussain_infosec](https://www.facebook.com/profile.php?id=100004366368341)
- Jérémy Chatard - [@jchatard](https://twitter.com/jchatard)
- Justin Gerhardt
- Vishwaraj Bhattrai - [@vishwaraj101](https://twitter.com/vishwaraj101)
- [Anirudh Anand](https://hackerone.com/a0xnirudh) - [0daylabs](https://www.0daylabs.com/)
- [#13625](https://gitlab.com/gitlab-org/gitlab-ce/issues/13625)
- [#15331](https://gitlab.com/gitlab-org/gitlab-ce/issues/15331)
- [#17299](https://gitlab.com/gitlab-org/gitlab-ce/issues/17299)
- Patrick Fiedler
- [#14607](https://gitlab.com/gitlab-org/gitlab-ce/issues/14607)
- [#23548](https://gitlab.com/gitlab-org/gitlab-ce/issues/23548)
- [Jobert Abma](https://twitter.com/jobertabma) - [HackerOne](https://hackerone.com/jobert)
- [#14898](https://gitlab.com/gitlab-org/gitlab-ce/issues/14898)
- [#14900](https://gitlab.com/gitlab-org/gitlab-ce/issues/14900)
- [#15437](https://gitlab.com/gitlab-org/gitlab-ce/issues/15437)
- [#15439](https://gitlab.com/gitlab-org/gitlab-ce/issues/15439)
- [#15576](https://gitlab.com/gitlab-org/gitlab-ce/issues/15576)
- [#15577](https://gitlab.com/gitlab-org/gitlab-ce/issues/15577)
- [#15579](https://gitlab.com/gitlab-org/gitlab-ce/issues/15579)
- [#15580](https://gitlab.com/gitlab-org/gitlab-ce/issues/15580)
- [#15591](https://gitlab.com/gitlab-org/gitlab-ce/issues/15591)
- [#17298](https://gitlab.com/gitlab-org/gitlab-ce/issues/17298)
- [#20802](https://gitlab.com/gitlab-org/gitlab-ce/issues/20802)
- [#20974](https://gitlab.com/gitlab-org/gitlab-ce/issues/20974)
- [#21167](https://gitlab.com/gitlab-org/gitlab-ce/issues/21167)
- [#23822](https://gitlab.com/gitlab-org/gitlab-ce/issues/23822)
- [#25064](https://gitlab.com/gitlab-org/gitlab-ce/issues/25064)
- Teun Beijers
- [#15126](https://gitlab.com/gitlab-org/gitlab-ce/issues/15126)
- [#15434](https://gitlab.com/gitlab-org/gitlab-ce/issues/15434)
- [#18997](https://gitlab.com/gitlab-org/gitlab-ce/issues/18997)
- [RonMurz](https://hackerone.com/ronmurz)
- [#15389](https://gitlab.com/gitlab-org/gitlab-ce/issues/15389)
- Gearlles Ferreira
- [#15522](https://gitlab.com/gitlab-org/gitlab-ce/issues/15522)
- [Mustafa Hasan](https://twitter.com/strukt93)
- [#17243](https://gitlab.com/gitlab-org/gitlab-ce/issues/17243)
- [Bharanidharan R.](https://www.linkedin.com/in/bharanidharanceh)
- [www-gitlab-com#667](https://gitlab.com/gitlab-com/www-gitlab-com/issues/667)
- [Vishwaraj Bhattrai](https://hackerone.com/vraj)
- [#17249](https://gitlab.com/gitlab-org/gitlab-ce/issues/17249)
- [Madhu Akula](http://twitter.com/madhuakula) - [Appsecco](http://appsecco.com)
- [#18188](https://gitlab.com/gitlab-org/gitlab-ce/issues/18188)
- [Colin Dean](https://hackerone.com/colindean)
- [#19102](https://gitlab.com/gitlab-org/gitlab-ce/issues/19102)
- Ron Arts
- [#18033](https://gitlab.com/gitlab-org/gitlab-ce/issues/18033)
- Niels Keurentjes
- [#19312](https://gitlab.com/gitlab-org/gitlab-ce/issues/19312)
- [Dylan Katz](https://dylankatz.com)
- [#21017](https://gitlab.com/gitlab-org/gitlab-ce/issues/21017)
- [Skylar Kelty](https://hackerone.com/skylarkelty)
- [#21457](https://gitlab.com/gitlab-org/gitlab-ce/issues/21457)
- Christian Bönning
- [gitlab-ee#1046](https://gitlab.com/gitlab-org/gitlab-ee/issues/1046)
- [Pete Yaworski](https://twitter.com/yaworsk)
- [#19799](https://gitlab.com/gitlab-org/gitlab-ce/issues/19799)
- [Mohamed Ebrahem](https://www.facebook.com/PSX0S404)
- [#23153](https://gitlab.com/gitlab-org/gitlab-ce/issues/23153)
- [Frans Rosén](https://hackerone.com/fransrosen)
- [HackerOne#174983](https://hackerone.com/reports/174983)
- [Kristiyan Bogdanov](https://www.linkedin.com/in/kristiyan-bogdanov-86641a60)
- [#25249](https://gitlab.com/gitlab-org/gitlab-ce/issues/25249)
## 2015
- Kamil Trzciński - [Polidea](http://www.polidea.com/)
- [Nithish Varghese](https://www.facebook.com/nithish.varghese)
- Mohamed Abdelbaset Elnoby, Senior Information Security Analyst at Seekurity.com
- Artem Chistyakov - [@artemchistyakov](https://twitter.com/artemchistyakov)
- [Ciro Santilli](http://www.cirosantilli.com/)
- [C Vishnu Vardhan Reddy](https://www.facebook.com/vishnu.dfx)
- [Sane Sindhuja Reddy](https://www.facebook.com/sindhuja.reddy.137)
- [Muhammad Shahzaib](http://www.facebook.com/shazaib.malik.56)
- [Ben khlifa Fahmi](https://twitter.com/benkhlifa_fahmi) [(Tunisian Whitehats Security)](http://benkhlifa.com/)
- [Shawar Khan](https://www.facebook.com/shawarkhanskofficial)
## 2014
- [Wesecureapp](http://wesecureapp.com)
- Hugh Davenport - [All The Things Ltd](http://allthethings.co.nz)
- Frans Rosén - [https://detectify.com](https://detectify.com)
- Mika Mäenpää, Department of Pervasive Computing @ Tampere. University of Technology
- Filippos Mastrogiannis - [LinkedIn](https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177)
- Mazen Gamal Mesbah - [@MazenGamal](https://twitter.com/mazengamal)
- Evan Ricafort - [www.evanricafort.com](http://www.evanricafort.com)
- ChenQin, Network and Information Security Lab @ Tsinghua University
- Simone Memoli - [@Simon90_Italy](https://twitter.com/Simon90_Italy)
- Muhammad Talha Khan - [facebook.com/mtk911](https://www.facebook.com/mtk911)
- Nakul Mohan - [@Anonymous_India](https://twitter.com/Nakul_Mohan_Cia)
- Hardik Tailor - [@iamhardiktailor](https://twitter.com/iamhardiktailor)
- Sergio Galán - [@NaxoneZ](https://twitter.com/NaxoneZ)
- Anurag Giri - [facebook.com/Surgent10cross](https://www.facebook.com/Surgent10cross)
- Shahee Mirza - [@shaheemirza](https://twitter.com/shaheemirza)
- Wyatt J. Brown
- Jakub Zoczek - [Blog](http://zoczus.blogspot.com)
- Ben Campbell of MWR InfoSecurity - [labs.mwrinfosecurity.com](https://labs.mwrinfosecurity.com)
## 2011 - 2013
- Yuji Kosuga - [@yujikosuga](https://twitter.com/yujikosuga)
- M.R.Vignesh Kumar - [@vigneshkumarmr](https://twitter.com/vigneshkumarmr)
- [Ajay Singh Negi](http://computersecuritywithethicalhacking.blogspot.in/) - [@AjaySinghNegi](https://twitter.com/ajaysinghnegi)
- Krutarth Shukla - [@Krutarth Shukla](https://twitter.com/KrutarthShukla)
- [Shashank](http://www.freemium-devils.in/) - [@cyberboyIndia](https://twitter.com/cyberboyIndia)
- Atulkumar Hariba Shedage
- Rafay Baloch - [http://rafayhackingarticles.net](http://rafayhackingarticles.net/)
- Himanshu Kumar Das - [@mehimansu](https://twitter.com/mehimansu)
- Ali Hasan Ghauri - [http://alihassanpenetrationtester.blogspot.com/](http://alihassanpenetrationtester.blogspot.com/)
- Remy van Elst - [https://raymii.org](https://raymii.org/)
- Chiragh Dewan - [@ChiraghDewan](https://twitter.com/ChiraghDewan)
- Emanuel Bronshtein - [@e3amn2l](https://twitter.com/e3amn2l)
- Kamil Sevi - [@kamilsevi](https://twitter.com/kamilsevi)
- [Guifré Ruiz Utgés](https://linkedin.com/in/guifre)
- Ricardo Sateler - [@rsateler](https://twitter.com/rsateler)
- Tejash Patel - [http://www.backtracktutorial.com](http://www.backtracktutorial.com/)
- Adam Ziaja - [http://adamziaja.com](http://adamziaja.com/)
- Frans Rosén - [https://detectify.com](https://detectify.com/)
- Ehraz Ahmed - [@securityexe](https://twitter.com/securityexe)
- [Muhammad Mujtaba](http://www.twitter.com/mushti) - [BugSheet](http://www.bugsheet.com)
- [Narendra Bhati(R00t Sh3ll)](https://twitter.com/imnarendrabhati) - Cyber Octet Pvt. Ltd.
- NITESH SHILPKAR - [@NiteshShilpkar](https://twitter.com/NiteshShilpkar)
- [Mayank Bhatodra](https://www.facebook.com/iamyourfri3nd)
- Joe DeMesy - [Bishop Fox](http://www.bishopfox.com/)
- Osanda Malith Jayathissa - [@OsandaMalith](https://twitter.com/OsandaMalith)
- Manish Bhattacharya - [http://manishbhattacharya.com](http://manishbhattacharya.com)
- [Saurabh Chandrakant Nemade](https://www.facebook.com/saurabh.nemade)
- Pradeep - [@_IND3C0D3](https://twitter.com/_IND3C0D3)
- Pralhad Chaskar - [@c0d3xpl0it](https://twitter.com/c0d3xpl0it)
- Devesh Bhatt - [@deveshbhatt11](https://twitter.com/deveshbhatt11)
- [Daksh Patel](https://facebook.com/dakshxss)
- Ketankumar B. Godhani - [@KBGodhani](https://twitter.com/KBGodhani)
- Mukesh Dhama and Rishiraj Sharma
- joernchen of [Phenoelit](http://www.phenoelit.de/)
- Nigel Kukard - [http://www.allworldit.com](http://www.allworldit.com)
- Sahil Saif - [@bewithsahilsaif](https://twitter.com/bewithsahilsaif)
- Matthew DeTullio - [http://www.linkedin.com/in/mjdetullio](http://www.linkedin.com/in/mjdetullio)
- Abdullah Hussam Gazi - [@Abdulahhusam](https://twitter.com/Abdulahhusam)
- Agastya Rudroj
- Jay Turla of HP Fortify