The GitHub API is used by thousands of developers and applications to programatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority.
Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors.
All functionality under on the
TCP port 80 and 443.
Information leaks, especially those based on timing attacks, generally are considered low severity and may not qualify.
|1||5000 pts Kamil Hismatullin Bypass OAuth access policy on GraphQL API|
|2||5000 pts Patrick Recher Insufficient authorization check of GitHub App repo creation|
|3||500 pts Mark L. Smith List repositories API returns incorrectly cached response|
|4||1500 pts Aleksandr Dobkinimg src404 onerroralert(document.domain) Cross-site scripting in Markdown API|
|5||1000 pts joernchen of Phenoelit MySQL typecasting authentication bypass|