GitHub Security Bug Bounty
Our users’ trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of…
Our users’ trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of our services. Some vulnerabilities, however, can be very hard to track down and it never hurts to have more eyes.
We are excited to launch the GitHub Bug Bounty to better engage with security researchers. The idea is simple: hackers and security researchers (like you) find and report vulnerabilities through our responsible disclosure process. Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash.
Bounties typically range from $100 up to $5000 and are determined at our discretion based on actual risk and potential impact to our users. For example, if you find a reflected XSS that is only possible in Opera, which is < 2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, which accounts for > 60% of our traffic, will earn a much larger reward.
Right now our bug bounty program is open for a subset of our products and services (full list is on the site), but we are already planning on expanding the scope as the things warm up.
Check out the GitHub Bug Bounty site for full details, and happy hunting!
Tags:
Written by
Related posts
GitHub Copilot app: The agent-native desktop experience
At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work.
Still a developer. Just outside. Our latest GitHub Shop collection is here.
The ESC collection lets you escape the confines of your desk and get out into the sun where good ideas are bound to happen.
Take your local GitHub sessions anywhere
Kick off work in VS Code or the CLI, finish it from your phone. Remote control for GitHub Copilot sessions is now generally available on github.com and GitHub Mobile.