Responsible Disclosure Statement

BASF investigates all reports of security vulnerabilities affecting BASF web presence. If you are a security researcher and believe you have found a security vulnerability, please send an e-mail to us at BASF Responsible Disclosure.

Our guidelines

Give us enough details to reproduce the vulnerability
Allow us a reasonable amount of time to fix the vulnerability before making any information public
Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found
Do not ask for compensation for your report

Our commitment

We will let you know when we received your report
We will give you an estimate of how long the fix will take
We will tell you when we have fixed the vulnerability

Our thanks

If your vulnerability report is valid and you would like to be recognized for your contribution, we will gladly add you to our “Heroes of BASF” list, by name or anonymously. We will only add you to our “Heroes of BASF” list, if this is explicitly requested by you.

Heroes of BASF

The following researchers have helped us identify and fix vulnerabilities. Thanks to all!

2025

Gaurav Wagh Twitter (X)

Team-DisclosureX Cybrgen LinkedIn

Emanuel Kayowuan LinkedIn

Rushikesh Patil LinkedIn

Jayanth Changala LinkedIn

Ahmad Alassaf LinkedIn

Aryawardhan Singh Twitter (X)

Arpit Sharma LinkedIn

Laburity Website

Andrea Amaddio LinkedIn

Swaroop Patil LinkedIn

Rafli Setyawan Winata LinkedIn

Md Yasir Linkedin

Yash K Jare LinkedIn

Michal Biesiada Twitter (X)

Jasdeep Bajwa

Saumya Agarwal

2024

Karthikeyan.C LinkedIn

Prial Islam https://pri.al

Ashish Rai

Everton (Hydd3n) LinkedIn

Sahil Prashant Jadhav

Vrushali Tukaram Sadhana Pote LinkedIn

Sagar Rawat Twitter

Saumadip Mandal Twitter

Aditya Singh LinkedIn

Debasis Pradhan LinkedIn

Nitya Nand Jha (Shunux) LinkedIn

Varel Valensio LinkedIn

Ashish Rai LinkedIn

Vedavyasan S (ved4vyasan)

Shivang Maurya

Brijesh (Redhet) Twitter (X)

Ishwar Kumar

Ramim (nayeems3c) Twitter (X)

Rabindra Man Bajracharya Linkedin

Henav Doshi Linkedin

Shubham Sharma LinkedIn

Tycho Knight

Vikash Gupta Linkedin

Jitendra Behera

Aurang Maheta Linkedin

Rishyendra M.

Omkar Harishchandra Mirkute Linkedin

Jitendra Behera Linkedin

Kunal Rajendra Sonavane Linkedin

Koresh Babu LinkedIn

Sarvagn Pathak LinkedIn

Mohd Ali (revengerali) LinkedIn

Mukund Bhuva LinkedIn

Abdelrahman Ibrahim Farg LinkedIn

Marcin "MaNo" Nowak LinkedIn

Shivam Dhingra LinkedIn

Ashutosh Lalbahadur Gupta LinkedIn

Atharva Milan Urankar LinkedIn

Sagar Ramesh Ranjana Jondhale LinkedIn

Kent Apostol LinkedIn

Harsh Sanghvi LinkedIn

Rivek Raj Tamang LinkedIn

Saad Ibna Hossain Twitter (X)

Mallampati surendra Reddy LinkedIn

Mayur Dattatray Shinde LinkedIn

Prachi Pophale

YOGESWARAN M LinkedIn

Ethical Hacker

Maroine Youcefi LinkedIn

Mr. Armlet

Infoziant Security LinkedIn

Seyavan LinkedIn

KYND Cyber

Devansh Chauhan LinkedIn

Lahari Karanam LinkedIn

Ravi Shankar Siddireddi

Keyur Maheta LinkedIn

Ankush Arun Kashyap LinkedIn

AKHIL C.D. LinkedIn

Krishna Agwal LinkedIn

Faiz Ahmad Habibi LinkedIn

K S RAKSHIT LinkedIn

Muralidharan K LinkedIn

Tanishk Saini LinkedIn

JayaPrawin.M LinkedIn

Gurudatt Choudhary LinkedIn

2023

Ereshwari Valmik LinkedIn

Mohan Kumar N LinkedIn

Kauê Navarro LinkedIn

Abdul Samad LinkedIn

Clandestine Twitter

Takshal Patel

Tirth A Patel

Navreet S. LinkedIn

nhiephon Twitter

Husain and Mansoor E-Mail

Biswajeet Ray

Mridul Vohra LinkedIn

Amit Kumar Biswas Twitter

Sanjay Singh

Rohit Sharma LinkedIn

ahmad alassaf

Ereshwari Valmik

Sumeet Baa Twitter

Satyam Singh LinkedIn

Mukund Bhuva LinkedIn

Karimul Islam Shezan Twitter

Satyam Shinde LinkedIn

Ayansh Sinha LinkedIn

aoxsin @aoxsin

Oday Ahmed

Shivam Sharma LinkedIn

Prince Kumar LinkedIn

Adrian Tirado Garcia LinkedIn

Tabassum Saif

Sachin Paraddy

Azad Meena LinkedIn

Durvesh Kolhe LinkedIn

Umang Bawaria LinkedIn

Aman Verma

Nirjhar Banik LinkedIn

Rishabh Gupta LinkedIn

Dida Arda

Abhijith A LinkedIn

Abdul Samad LinkedIn

Dzmitry Smaliak

Yash Kushwah LinkedIn

Amiy Kumar

Marthala Guru Maheswara Reddy LinkedIn

Noor Mohammad Gagguturi LinkedIn

Vinit Lakra LinkedIn

Miguel Segovia Gil LinkedIn

Gaurang Maheta LinkedIn

Immanuel Willi LinkedIn

M K Rahul Rao/Bugboy07 LinkedIn

Nikhil Kumar A/SpiritBoy LinkedIn

Saad Ibna Hossain

Petrescu Research

Abdelrahman Ibrahim Farg LinkedIn

Karthikeyan.C LinkedIn

Parth Narula

Umang Bawaria LinkedIn

Sankalpa Baral Facebook

Sagar Ramesh Jondhale LinkedIn

Boya Vamshi Krishna LinkedIn

Mitchell Robson Website

Aashay Kadam LinkedIn

Ayush Jhanwar LinkedIn

Brijesh Prajapati Twitter

Deepak Kumar

Nitesh Singh

Falko L

Michael Klimenko

Vijay Sutar (Sierra circuit)

Ori Levi

2022

A. Damodaran Facebook

Pranay Bantawa Facebook

Tahmid Niloy Facebook

AOXSIN Twitter

Deepak Kumar ( CipherEra )

Ravindra Dagale LinkedIn

D. Nussko Website

Edge Nask

Ramansh Sharma LinkedIn

Amen Al Aloush Linkedin

Ahmad Alassaf

Meet Narkhede Linkedin

Krishna Agarwal Linkedin

Mr!dul Vohra LinkedIn

Rohit Sharma LinkedIn

Felipe Gabriel Renzi LinkedIn

Nikhil Rane LinkedIn

Damanpreet Singh Twitter

Venkatesh L Sharma Twitter

Farhan Islam Shafin Twitter

Harsh Bhanushali LinkedIn

love yadav LinkedIn

S. Kushwaha GitHub

Muhammad Hasyim Asyari Website

Dinesh Kumar LinkedIn

Harinder Singh(S1N6H)

Girish B O

Kokalagi Rushikesh LinkedIn

Soham Lad LinkedIn

2021

Kunal Karnik

Felipe Gabriel Renzi

Ramesh Kumar Sekar LinkedIn

hoggervr (South Africa) LinkedIn

Aman Kumar LinkedIn

Ravi Kishor @DrAppSec

Kushagra Sarathe

Muhammad Julfikar Hyder @thejulfikar

Kiran Battaluri

Guillermo Gregorio LinkedIn

Mik

Sagar Yadav @sagaryadav8742

Alan Abhilash @alan_abhilash

Mohit Khemchandani

snak3 @_snak3

Aswin Krishna @733n_wolf

Gaurav Popalghat @N008x

Pranshu Tiwari

Ravi Teja

Soma Harish Reddy Mannem

Abdelrahman Khaled

Ansan Binoy

Prathamesh Surekha Prakash Pawar

Vijay Farswan @Veloc

Vikas Yadav

Jan Hoersch (Secure Systems Engineering)

Shaun Budding @pudsec

Carsten Sandker (Secure Systems Engineering)

Abhinav Sharma @Dtattoedhackers

Nasur Ullah

Yehonatan Shachor

Rahul Varale LinkedIn

Ashutosh Raval

Bharat (mrnoob)

Paul Dannewitz

Ananthu J

Navneet Anand LinkedIn

Simranjit Singh

2020

Florian Kunushevci

Shail Shah

Kamran Saifullah

Avishek Nayal

Gopi Akkalaneni

Mehedi Hasan Remon

Roy Mustang

Gul Hameed

Ahmed Hegazy

Marc Seguin

Aditya Thebe

Naveen Kumawat

Fawaz Masood Qureshi LinkedIn

Raveen. G @kill__3r

Elwin Shaji @elwin_shaji

Ai Ho @j3ssiejjj

Foysal Ahmed Fahim @foysal1197

Kasper Karlsson

Sanem Sudheendra LinkedIn

Ritik Chaddha @RitikChaddha

Patrick Lang LinkedIn

Indira Sabeesh

SecuNinja secu.ninja

Vedant Shinde

Yunus Aydin @aydinnyunuss

Mohd Waseyuddin @waseyuddin

Pardon Mukoy LinkedIn

Husain Murabbi LinkedIn

Mansoor Rangwala LinkedIn

Abdullah Khawaja @hax_3xploit

Gal Nagli

2019

Abhijeet Sarkar
Agung Saputra
Agung Saputra Ch Lages
Deep Yadav
G Sri Tharun Reddy
Khizar Ul Haq
Hamza Shahid
lalka1337
Lalka

Mohammad Berro
Mustafa Diaa
Ratnadip Gajbhiye
Rituraj Vishwakarma
Sachin Sharma
Shivam Pandey
Sumit Grover @sumgr0
Ubaid Ahmed
Utkarsh Agrawal

Vishnu
Vismit Rakhecha

2018

Abhishek Misal

Adity Jadhav

Aditya Jadhav

Akash Labade

Akash Mondal

Amal Mohandas

Ankit Singh

Ashish Kunwar

Danish Tariq

Florian Zyprian

Jayesh Patel

Jose Carlos Exposito Bueno

Juba Baghdad

Mahesh Raykar

Mehul Patil

Mitesh Patil

Muhammad Qasim Munir

Murtada Kamil

Pratik Raut

Saynam Chawla

Shivam Kamboj

Shubham Maheshwari

Sourav Newatia

Vineet Kumar

Yeasir Arafat

2017

Djaber Djoukhrab

Please note: In sharing information with us, you agree that the information will be considered as non-proprietary and non-confidential and that we are allowed to use the information in any manner, in whole or in part, without any restriction. Sharing information with us does not constitute any rights for you or any obligation for us.

Please do not share any personal information with us. Any personal information shared with us will be processed and used in accordance with the applicable data protection regulation; however, BASF will not store any personal information about you unless you provide them to us. By requesting to be added to our “Heroes of BASF” list, you explicitly consent in the publication, use and processing of your name.