Bounty: $555 to $20,000

GitHub API

Synopsis

The GitHub API is used by thousands of developers and applications to programmatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority.

Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors.

You can find the app at https://api.github.com and the API documentation at https://developer.github.com.

Bounty scope

Submit a vulnerability for GitHub API

Recently collected GitHub API bounties:

1. kamilhism (Kamil Hismatullin), 5000 pts: Bypass OAuth access policy on GraphQL API
2. patte (Patrick Recher), 5000 pts: Insufficient authorization check of GitHub App repo creation
3. brainopener (Mark L. Smith), 500 pts: List repositories API returns incorrectly cached response
4. adob (Aleksandr Dobkin), 1500 pts: Cross-site scripting in Markdown API
5. joernchen (joernchen of Phenoelit), 1000 pts: MySQL typecasting authentication bypass