We want to keep GitHub safe for everyone. If you've discovered a security vulnerability in GitHub, we appreciate your help in disclosing it to us in a responsible manner.
White Hat
Publicly disclosing a vulnerability can put the entire community at risk. If you've discovered a security concern, please email us at security@github.com. We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. We consider correspondence sent to security@github.com our highest priority, and work to address any issues that arise as quickly as possible.
Please act in good faith towards our users' privacy and data during your disclosure. We won't take legal action against you or administrative action against your account if you act accordingly: White hat researchers are always appreciated.
Thanks!
Thank you for your help with keeping the GitHub community safe. We really appreciate it.
And a very special thanks to the following people that have responsibly disclosed vulnerabilities in the past (an * indicates two or more vulnerabilities were reported):
Note: While we sincerely appreciate reports for vulnerabilities of all severity levels, listing on this page is reserved for people who have reported previously unknown vulnerabilities, which GitHub has determined to be, of a high or critical severity. Or in cases where there has been continued research or other contributions made by the person.
- Monendra Sahu
- Greg Ose - @gregose
- SimranJeet Singh -
@TurbanatorSJS
- Ben Murphy - @benmmurphy
- Kamil Sevi - @kamilsevi *
- Krutarth Shukla - @krutarth-shukla *
- Stefan Beller - @stefanbeller
- Neal Poole - @NealPoole
- Atulkumar Hariba Shedage - @atulshedage
- Ritesh Arunkumar Sarvaiya - @RiteshSarvaiya
- Mohamed Ramadan - @Attack_Secure
- Rakan Alotaibi - @hxteam
- Frans Rosén - @detectify
- Rafay Baloch - @rafaybaloch
- Himanshu Kumar Das - @himanshudas
- Ajay Singh Negi - @ajaysinghnegi *
- Bradley Falzon - @bradleyfalzon
- Ben Toews - @mastahyeti *
- Rasmus Lerdorf - @rlerdorf
- Emanuel Bronshtein - @emanuelb
- Ari Rubinstein - @arirubinstein
- Jonathan Rudenberg - @titanous
- Ben Evans - @bencevans
- Lukas Reschke - @LukasReschke
- Davide D'Agostino - @DAddYE
- Subodh Iyengar - @siyengar
- Maxim Rupp
- Nils Jünemann - @totallyunknown *
- Gabríel Arthúr Pétursson - @polarina
- Gunnar Guðvarðarson - @Gunni
- Leo Lou - @l4u
- Mala - @mala
- Sri Prasanna - @sriprasanna
- Sebastian McKenzie - @sebastianmckenzie
- Ben Cartwright Cox - @benjojo
- Egor Homakov - @homakov
- Michael Hudson-Doyle - @mwhudson
- Adam Baldwin - @evilpacket *
- Mike Naberezny - @mnaberez
- joernchen of Phenoelit - @joernchen
- Stephen Sclafani - @StephenSclafani
- Tito Bouzout (Montevideo, Uruguay) - @titoBouzout
- Simon Brown - @simonbrown
- Kenny MacDermid - @KenMacD
- Nate Benes - @natebenes
- Jehiah Czebotar - @jehiah
- Daniel Zulla - @zulla
- Richard "RichiH" Hartmann - @RichiH
- Einar Otto Stangvik - @einaros
- David Black - @d1b
- Brendan Coles *
- Joseph Dougherty - @JDougherty
- Charlie Somerville - @charliesome *
- Stefano Di Paola of Minded Security - @wisec
- Dan Palmer - @danpalmer
- Masato Kinugawa
- Peter Manser - @petermanser
- Ryan Petrich - @rpetrich
- Jonathan Baudanza - @jbaudanza
- Brian Carlson - @brianc
- Evan Jones - @evanj
If you have responsibly disclosed a security vulnerability in the past and would like to have your name listed here, please email support@github.com with details.
