Bounty: $555 to $20,000

GitHub Gist


Gist is one of the first products launched by GitHub. It is a service for sharing snippets of code or other text content. Gist is built on Ruby on Rails and leverages a number of open source technologies.

Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors. For example, if you find a reflected XSS that is only possible in Opera, and Opera is <2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, at >60% of our traffic, will earn a much larger reward.

You can find the app at

Bounty scope

Submit a vulnerability for GitHub Gist

Recently collected GitHub Gist bounties:

1. kamilhism (Kamil Hismatullin), 500 pts: Gist archive download content spoofing
2. ershad (Ershad Kunnakkadan), 500 pts: Disclosure of Gist forks turned secret
3. vito (Alex Suraci), 400 pts: Gists deleted on web were still available via git operations
4. bureado (José Miguel Parrella), 2000 pts: Improper restriction of Gist subdomain routing
5. benhc123 (Ben Holden-Crowther), 800 pts: CSRF in Gist abuse reporting