The GitHub API is used by thousands of developers and applications to programmatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority.
Rewards range from $200 up to $10000 and are determined at our discretion based on a number of factors.
You can find the app at https://api.github.com and can find the API documentation at https://developer.github.com.
All functionality under the api.github.com domain.
TCP ports 80 and 443.
Information leaks, especially those based on timing attacks, generally are considered low severity and may not qualify.
| Rank | Points | Researcher | Finding |
| --- | --- | --- | --- |
| 1 | 1500 pts | Aleksandr Dobkin`<img src=404 onerror=alert(document.domain)>` | Cross-site scripting in Markdown API |
| 2 | 1000 pts | joernchen of Phenoelit | MySQL typecasting authentication bypass |