GitHub Gist


GitHub Gist is our service for sharing snippets of code or other text content. Gist is built on Ruby on Rails and leverages a number of Open Source technologies.

Focus areas

Ineligible submissions

Secret gists are accessible via URL without authentication

If you share the URL of a secret gist, anyone with access to the URL will be able to see it without authentication. This is an intentional feature.

Submit a vulnerability for GitHub Gist

Recently collected GitHub Gist bounties:

1 not-an-aardvark 2000 pts Teddy Katz Insufficient token scope checks for Gist access via Git
2 kamilhism 500 pts Kamil Hismatullin Gist archive download content spoofing
3 ershad 500 pts Ershad Kunnakkadan Disclosure of Gist forks turned secret
4 vito 400 pts Alex Suraci Gists deleted on web were still available via git operations
5 bureado 2000 pts José Miguel Parrella Improper restriction of Gist subdomain routing