GitHub Security Policy
Software security researchers are increasingly engaging with Internet companies to hunt down vulnerabilities. Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities.
If you’ve found a vulnerability, submit it here.
You can find useful information in our rules, scope, targets and FAQ.