GitHub Desktop


GitHub Desktop is an open-source Electron-based app for working with your GitHub.com or GitHub Enterprise account. It uses the dugite and dugite-native libraries to perform git operations.

Even if the issue you identified is out of scope and ineligible for our bounty program, we encourage you to open an issue upstream. Please see our severity guidelines for more information about how severities are calculated.

Focus areas

Out of scope

Submit a vulnerability for GitHub Desktop

Recently collected GitHub Desktop bounties:

1. joernchen (10000 pts): Argument injection when cloning Git submodules
2. zhuowei (5000 pts): GitHub Desktop remote code execution
3. xpn (2500 pts): XSS in GitHub Desktop
4. NoEffex / Aaron (2500 pts): GitHub Desktop for Windows remote code execution