GitHub Desktop | GitHub Bug Bounty

GitHub Desktop

Synopsis

GitHub Desktop is an open-source Electron-based app for working with your GitHub.com or GitHub Enterprise account. It uses the dugite and dugite-native libraries for performing git operations.

Even if the issue you identified is out-of-scope and ineligible for our bounty program, we encourage you to open an issue upstream. Please see our severity guidelines for more information about how severities are calculated.

Focus areas

  • Remote code execution via protocol handlers such as x-github-client://
  • Code execution without user interaction such as when cloning or fetching malicious repositories
  • Code execution that requires minimal, expected user interaction, such as performing actions on a repository that a user would not expect to lead to code execution

Out of scope

  • Code execution requiring social-engineering or unlikely user interaction is typically not eligible for rewards.
  • Vulnerabilities which do not trigger code-execution are out-of-scope and ineligible for reward.