Responsible Disclosure

Taking the security of our systems seriously

At Springer Nature, we take the security of our systems seriously. However, no matter how much effort we put into system security, there can still be vulnerabilities. We value the security community, and the disclosure of these vulnerabilities helps us ensure the security and privacy of our users.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

Discovered a vulnerability?

Send us an email to cybersecurity (AT) springernature (DOT) com

Download PGP public key (TXT, 6.14 KB)

Received a Phishing or Spoofed Email?

If you suspect that you have received a phishing or spoofed email, please report this to us.

Please do the following:

If you believe you’ve found a security vulnerability in one of our products or platforms:

  1. Send it to us by emailing cybersecurity (AT) springernature (DOT) com
  2. Encrypt the information with our PGP public key.
  3. Provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. 

Complex vulnerabilities may need further explanation, in which case we will get in touch if we require more detail.

  • Description of the location and potential impact of the vulnerability.
  • The steps required to produce the vulnerability.
  • A description of any tool or script used in the process.
  • Screenshots of each step of the vulnerability.
  • Your hacker handle and link for recognition for our Hall of Fame.

Please do not:

  1. Take advantage of any vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
  2. Reveal the problem to others until it has been resolved.
  3. Use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.

What we promise:

  1. We will respond to your report within two business days with our evaluation of the report and an expected resolution date.
  2. We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  3. We will keep you informed of the progress towards resolving the problem.
  4. If you have followed the instructions above, we will not take any legal action against you in regard to the report.
  5. You will be given credit (unless you state otherwise) in our Security Researcher Hall of Fame.

Out of scope

Any services hosted by third-party providers and services are excluded from scope.

Security Researcher Hall of Fame

| Name of researcher | Hacker Alias | | Date Reported | Time To Fix |
| --- | --- | --- | --- | --- |
| Md. Nur A Alam Dipu | | XSS on | 19th February 2019 1443hrs | 1 hour |
| Sushmitha Katikitala | | XSS on | 26th April 2019 0816hrs | 11 days |
| Lacroute Serge | | Path disclosure on; LFI on; XSS on | 09th May 2019 0931hrs | 15 days |
| Shivam Pravin Khambe | | | 15th April 2019 1331hrs | |
| Pethuraj M | | Content spoofing on | 24th May 2019 1743hrs | 47 days |
| Akshat Dubey on DGI-eAcademy | | | 13th June 2019 0953hrs | 35 days |
| Sachin Gupta | | Content spoofing on | 16th July 2019 0652hrs | 9 days |
| Aaditya Kumar Sharma | | XSS on | 29th May 2019 1331hrs | 57 days |
| Vikas Srivastava, INDIA | | File enumeration on | 26th June 2019 1249hrs | 34 days |
| GwanYeong Kim | | DoS in Cisco appliance | 1st Aug 2019 0650hrs | 2 hours |
