Bounty: $0$0

Other applications


GitHub builds and operates a number of web properties and applications. Not all of them are currently part of an open bounty, however, we still appreciate the effort researchers put forth to identify vulnerabilities. Vulnerabilities found in applications not specifically listed on the Open bounties are not currently eligible for cash rewards.

Rules of engagement

Bounty scope

Submit a vulnerability for Other applications

Recently collected Other applications bounties:

1 evilpacket 2500 pts Adam Baldwin GitHub employee tokens exposed via NPM package
2 evilpacket 2500 pts Adam Baldwin NPM token for Electron exposed
3 zhuowei 5000 pts @zhuowei GitHub Desktop remote code execution
4 joernchen 5000 pts joernchen of Phenoelit GIT LFS code execution
5 cmeister2 5000 pts Max Dymond Unintended services exposed to internet due to ACL changes