Bounty: $555 to $20,000

GitHub Enterprise


GitHub Enterprise is the on-premises version of GitHub. It shares a code base with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies.

GitHub Enterprise adds a number of features for enterprise environments, including additional authentication backends and clustering options. Below is a subset of features unique to GitHub Enterprise that might be interesting to investigate.

Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors. For example, a vulnerability in a service that is intended to be restricted from external access earns a lower reward than one in the core GitHub Enterprise web interface.

You can request a trial of GitHub Enterprise for security testing at

Recently collected GitHub Enterprise bounties:

1. Psychotropos (Ioannis Profetis), 500 pts: GitHub Enterprise pre-receive hooks access sensitive localhost services
2. iblue (Markus Fenske), 10,000 pts: GitHub Enterprise management console remote code execution
3. orangetw (Orange Tsai), 7,500 pts: GitHub Enterprise remote code execution via SSRF
4. soby (Brian Soby), 5,000 pts: GitHub Enterprise SAML signature bypass
5. jkakavas (Ioannis Kakavas), 5,000 pts: GitHub Enterprise SAML signature bypass