GitHub Security Policy

Software security researchers are increasingly engaging with Internet companies to hunt down vulnerabilities. Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities.

If you’ve found a vulnerability, submit it here.

You can find useful information in our rules, scope, targets and FAQ.