GitHub Credentials


GitHub, Inc. uses a mix of our own physical infrastructure, cloud platforms and third-party services to keep everything running smoothly. Keeping credentials and access tokens secure for these resources is paramount to the security of our employees and users.

Please review our guidance for handling PII before investigating credentials allowing access to GitHub, Inc resources. The reward amount is based on the impact of the leaked credential which will be determined by the GitHub Security team.

Focus areas

Ineligible submissions

Credentials which have been detected by GitHub's Token Scanning feature

GitHub’s Token Scanning feature automatically detects credentials accidentally committed to repositories for a number of service providers. Credentials for GitHub, Inc resources that have already been found via this feature are ineligible for reward.

Submit a vulnerability for GitHub Credentials