Bounty: $200 to $10,000

GitHub Enterprise


GitHub Enterprise is the on-premises version of GitHub. GitHub Enterprise shares a codebase with GitHub.com, is built on Ruby on Rails, and leverages a number of open source technologies.

GitHub Enterprise adds a number of features for enterprise infrastructures. This includes additional authentication backends and clustering options. Below is a subset of features unique to GitHub Enterprise that might be interesting to investigate.

Rewards range from $200 up to $10,000 and are determined at our discretion based on a number of factors. For example, a vulnerability in a service that is intended to be restricted from external access would have a lower reward than one within the core GitHub Enterprise web interface.

You can request a trial of GitHub Enterprise for security testing at

Bounty scope

Recently collected GitHub Enterprise bounties:

| Rank | Username | Points | Researcher | Vulnerability |
|------|----------|--------|------------|---------------|
| 1 | iblue | 10000 pts | Markus Fenske | GitHub Enterprise management console remote code execution |
| 2 | orangetw | 7500 pts | Orange Tsai | GitHub Enterprise remote code execution via SSRF |
| 3 | soby | 5000 pts | Brian Soby, Freefly Security | GitHub Enterprise SAML signature bypass |
| 4 | jkakavas | 5000 pts | Ioannis Kakavas | GitHub Enterprise SAML signature bypass |
| 5 | jkakavas | 10000 pts | Ioannis Kakavas | GitHub Enterprise SAML authentication bypass |