👋 We've unified all of GitHub's product documentation in one place! Check out the content for REST API, GraphQL API, and Developers. Learn more on the GitHub blog.

Responsible Disclosure of Security Vulnerabilities

Were you able to find what you were looking for?

We want to keep GitHub safe for everyone. If you've discovered a security vulnerability in GitHub, we appreciate your help in disclosing it to us in a responsible manner.

Bounty Program

Like several other large software companies, GitHub provides a bug bounty to better engage with security researchers. The idea is simple: hackers and security researchers (like you) find and report vulnerabilities through our responsible disclosure process. Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash.

Check out the GitHub Bug Bounty site for bounty details, review our comprehensive Legal Safe Harbor Policy terms as well, and happy hunting!

Were you able to find what you were looking for?

Ask a human

Can't find what you're looking for?

Contact us