GitHub CLI is an open source command line tool for working with your GitHub.com account. It is written in Go and lets you perform GitHub.com operations from your terminal, such as viewing, commenting on and otherwise acting on issues and pull requests.
In scope
- Code execution without user interaction when cloning or fetching malicious repositories
- Leakage of credentials to an external attacker who has no access to the local system
Out of scope
- Code execution requiring social engineering or unlikely user interaction is typically not eligible for rewards.
- Vulnerabilities which require local system access, such as local credential storage issues. These are out of scope and ineligible for reward; however, we encourage you to open an issue upstream.
Recently collected GitHub CLI bounties:
No vulnerabilities have been reported yet. Yours can be the first!