GitHub Desktop is an open-source Electron-based app for working with your GitHub.com or GitHub Enterprise account. It uses the dugite-native libraries for performing git operations.
Even if the issue you identified is out of scope and ineligible for our bounty program, we encourage you to open an issue upstream. Please see our severity guidelines for more information about how severities are calculated.
- Remote code execution via protocol handlers such as
- Code execution without user interaction such as when cloning or fetching malicious repositories
- Code execution that requires minimal, expected user interaction, such as performing actions on a repository that a user would not expect to lead to code execution
Out of scope
- Code execution requiring social engineering or unlikely user interaction is typically not eligible for rewards.
- Vulnerabilities which do not trigger code-execution are out-of-scope and ineligible for reward.