René's URL Explorer Experiment


Title: Ineligible submissions | GitHub Bug Bounty

Open Graph Title: Ineligible submissions

X Title: Ineligible submissions

Opengraph URL: https://bounty.github.com/ineligible.html

X: @githubsecurity

Generator: Jekyll v4.3.1

direct link

Domain: bounty.github.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"WebPage","headline":"Ineligible submissions","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://bounty.github.com/images/noircat@2x.png"}},"url":"https://bounty.github.com/ineligible.html"}

NoneIE=edge
og:localeen_US
og:site_nameGitHub Bug Bounty
og:typewebsite
twitter:cardsummary

Links:

GitHub Securityhttps://bounty.github.com/
Scopehttps://bounty.github.com/scope
Targetshttps://bounty.github.com/targets
Ruleshttps://bounty.github.com/rules
Rewardshttps://bounty.github.com/rewards
Ineligible Submissionshttps://bounty.github.com/ineligible
Abouthttps://bounty.github.com/about
Bloghttps://github.blog/tag/bug-bounty/
FAQshttps://bounty.github.com/faq
Submit a vulnerabilityhttps://hackerone.com/github
OAuth client ID and secrets are publicly available in desktop and mobile appshttps://bounty.github.com/ineligible#oauth_client_id_and_secrets_are_publicly_available_in_desktop_and_mobile_apps
Use of known-vulnerable softwarehttps://bounty.github.com/ineligible#use_of_knownvulnerable_software
Vulnerability in upstream dependencieshttps://bounty.github.com/ineligible#vulnerability_in_upstream_dependencies
Clickjacking a static sitehttps://bounty.github.com/ineligible#clickjacking_a_static_site
Local Accesshttps://bounty.github.com/ineligible#local_access
Network Denial of Servicehttps://bounty.github.com/ineligible#network_denial_of_service
Typosquattinghttps://bounty.github.com/ineligible#typosquatting
Vulnerabilities identified in Open Source Repositorieshttps://bounty.github.com/ineligible#vulnerabilities_identified_in_open_source_repositories
Arbitrary code execution in dependency update jobshttps://bounty.github.com/ineligible#arbitrary_code_execution_in_dependency_update_jobs
Secret gists are accessible via URL without authenticationhttps://bounty.github.com/ineligible#secret_gists_are_accessible_via_url_without_authentication
Code Execution in Actionshttps://bounty.github.com/ineligible#code_execution_in_actions
Bypassing build log secret redactionhttps://bounty.github.com/ineligible#bypassing_build_log_secret_redaction
General abuse or exhaustion of resourceshttps://bounty.github.com/ineligible#general_abuse_or_exhaustion_of_resources
Availability of resources inside a workflow runhttps://bounty.github.com/ineligible#availability_of_resources_inside_a_workflow_run
Access to build artifacts without user sessionhttps://bounty.github.com/ineligible#access_to_build_artifacts_without_user_session
Resource consumption within a user's own codespacehttps://bounty.github.com/ineligible#resource_consumption_within_a_users_own_codespace
Access to metadata services from within a codespacehttps://bounty.github.com/ineligible#access_to_metadata_services_from_within_a_codespace
Vulnerabilities in third-party software within a codespacehttps://bounty.github.com/ineligible#vulnerabilities_in_thirdparty_software_within_a_codespace
Privileged access within a user's own codespacehttps://bounty.github.com/ineligible#privileged_access_within_a_users_own_codespace
Vulnerabilities in GitHub Copilot Chat extension and Inline Suggestions in Visual Studio Codehttps://bounty.github.com/ineligible#vulnerabilities_in_github_copilot_chat_extension_and_inline_suggestions_in_visual_studio_code
Prompt Injectionshttps://bounty.github.com/ineligible#prompt_injections
The security of code suggested by Copilothttps://bounty.github.com/ineligible#the_security_of_code_suggested_by_copilot
Tokens suggested by Copilothttps://bounty.github.com/ineligible#tokens_suggested_by_copilot
Prototype featureshttps://bounty.github.com/ineligible#prototype_features
Off topic conversationhttps://bounty.github.com/ineligible#off_topic_conversation
Credentials which have been detected by GitHub's Token Scanning featurehttps://bounty.github.com/ineligible#credentials_which_have_been_detected_by_githubs_token_scanning_feature
Credentials on GitHubhttps://bounty.github.com/ineligible#credentials_on_github
Vulnerabilities caused by lack of subdomain isolationhttps://bounty.github.com/ineligible#vulnerabilities_caused_by_lack_of_subdomain_isolation
Escalation to the root user via sudohttps://bounty.github.com/ineligible#escalation_to_the_root_user_via_sudo
Access to sensitive configuration information with local accesshttps://bounty.github.com/ineligible#access_to_sensitive_configuration_information_with_local_access
Bypassing source code de-obfuscationhttps://bounty.github.com/ineligible#bypassing_source_code_deobfuscation
On-screen data is not hidden when backgrounding the apphttps://bounty.github.com/ineligible#onscreen_data_is_not_hidden_when_backgrounding_the_app
No jailbreak detectionhttps://bounty.github.com/ineligible#no_jailbreak_detection
Vulnerabilities in out-of-scope subdomainshttps://bounty.github.com/ineligible#vulnerabilities_in_outofscope_subdomains
Vulnerabilities in GitHub Pages hosted contenthttps://bounty.github.com/ineligible#vulnerabilities_in_github_pages_hosted_content
Subdomain Takeoverhttps://bounty.github.com/ineligible#subdomain_takeover
Including HTML in Markdown contenthttps://bounty.github.com/ineligible#including_html_in_markdown_content
Leaking email addresses via .patch linkshttps://bounty.github.com/ineligible#leaking_email_addresses_via_patch_links
Phishing using Unicode homoglyphs, RTLO, or non-printable charactershttps://bounty.github.com/ineligible#phishing_using_unicode_homoglyphs_rtlo_or_nonprintable_characters
Email verification policyhttps://bounty.github.com/ineligible#email_verification_policy
Email Invitationshttps://bounty.github.com/ineligible#email_invitations
Impersonating a user through git email addresshttps://bounty.github.com/ineligible#impersonating_a_user_through_git_email_address
DMARC, SPF and DKIM email policyhttps://bounty.github.com/ineligible#dmarc_spf_and_dkim_email_policy
Bypassing country restrictions for SMS two-factor authenticationhttps://bounty.github.com/ineligible#bypassing_country_restrictions_for_sms_twofactor_authentication
Vulnerabilities in repositories hosted on GitHubhttps://bounty.github.com/ineligible#vulnerabilities_in_repositories_hosted_on_github
Host header injectionhttps://bounty.github.com/ineligible#host_header_injection
Timing attacks which reveal a private repository or userhttps://bounty.github.com/ineligible#timing_attacks_which_reveal_a_private_repository_or_user
2FA does not invalidate existing sessionshttps://bounty.github.com/ineligible#2fa_does_not_invalidate_existing_sessions
Enabling 2FA without a verified emailhttps://bounty.github.com/ineligible#enabling_2fa_without_a_verified_email
Vulnerabilities caused by out-dated browsershttps://bounty.github.com/ineligible#vulnerabilities_caused_by_outdated_browsers
Camo image proxyhttps://bounty.github.com/ineligible#camo_image_proxy
Lack of Sudo modehttps://bounty.github.com/ineligible#lack_of_sudo_mode
Community and safety bypasses that do not affect privacyhttps://bounty.github.com/ineligible#community_and_safety_bypasses_that_do_not_affect_privacy
Activity in archived reposhttps://bounty.github.com/ineligible#activity_in_archived_repos
Accessing certain disabled functionalityhttps://bounty.github.com/ineligible#accessing_certain_disabled_functionality
Lack of rate limitinghttps://bounty.github.com/ineligible#lack_of_rate_limiting
Email and Username Enumerationhttps://bounty.github.com/ineligible#email_and_username_enumeration
OAuth App Redirecthttps://bounty.github.com/ineligible#oauth_app_redirect
Lack of Secret Scanning Alerthttps://bounty.github.com/ineligible#lack_of_secret_scanning_alert
Vulnerabilities in out-of-scope subdomainshttps://bounty.github.com/ineligible#vulnerabilities_in_outofscope_subdomains
Social engineeringhttps://bounty.github.com/ineligible#social_engineering
Local accesshttps://bounty.github.com/ineligible#local_access
Arbitrary code execution in commands that modify the package treehttps://bounty.github.com/ineligible#arbitrary_code_execution_in_commands_that_modify_the_package_tree
Upstream dependencieshttps://bounty.github.com/ineligible#upstream_dependencies
Vulnerabilities in packages that are hosted on the registryhttps://bounty.github.com/ineligible#vulnerabilities_in_packages_that_are_hosted_on_the_registry
Malicious packageshttps://bounty.github.com/ineligible#malicious_packages
Infrastructure vulnerabilitieshttps://bounty.github.com/ineligible#infrastructure_vulnerabilities
Timing attacks that reveal a private packagehttps://bounty.github.com/ineligible#timing_attacks_that_reveal_a_private_package
GitHub Mobilehttps://bounty.github.com/targets/github-for-mobile
GitHub CLIhttps://bounty.github.com/targets/github-cli
GitHub Pageshttps://pages.github.com/
ruleshttps://bounty.github.com/rules
support teamhttps://support.github.com/request
SECURITY.mdhttps://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
intentional featurehttps://help.github.com/articles/about-gists/#secret-gists
encrypted secretshttps://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets
dev containershttps://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers
GitHub Copilot Chat extensionhttps://code.visualstudio.com/docs/copilot/chat/getting-started-chat
Inline Suggestions from GitHub Copilothttps://code.visualstudio.com/docs/copilot/ai-powered-suggestions
Bug Bounty Programhttps://www.microsoft.com/en-us/msrc/bounty
Our blog has more information about our approach to securing code suggestionshttps://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Token Scanninghttps://help.github.com/articles/about-token-scanning/
GitHub Advanced Security Scanning protectionshttps://docs.github.com/en/code-security/secret-scanning/about-secret-scanning?learn=secret_scanning&learnProduct=code-security
this REST APIhttps://docs.github.com/en/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials
subdomain isolationhttps://docs.github.com/en/enterprise-server@3.16/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-subdomain-isolation?learn=improve_security_of_your_instance&learnProduct=admin
scopehttps://bounty.github.com/scope
Supporthttps://support.github.com/request
GitHub Flavored Markdownhttps://help.github.com/articles/about-writing-and-formatting-on-github/
About Commit Email Addresseshttps://help.github.com/en/articles/setting-your-commit-email-address#about-commit-email-addresses
support portalhttps://github.com/contact/report-abuse
support teamhttps://github.com/contact/report-abuse
let us know by contacting our support teamhttps://github.com/contact
two-factor authentication methodhttps://help.github.com/articles/configuring-two-factor-authentication/
secret teamhttps://help.github.com/articles/about-teams/
Sudo modehttps://help.github.com/en/github/authenticating-to-github/sudo-mode
safetyhttps://help.github.com/en/github/building-a-strong-community/maintaining-your-safety-on-github
supported secret scanning patternshttps://docs.github.com/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns
create custom patterns for secret scanninghttps://docs.github.com/en/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning
scopehttps://bounty.github.com/scope
you can set the --ignore-scripts flaghttps://docs.npmjs.com/cli/using-npm/config#ignore-scripts
As stated in the npm documentationhttps://docs.npmjs.com/cli/using-npm/config#ignore-scripts
contact supporthttps://support.github.com/request
https://bounty.github.com/
Termshttps://github.com/site/terms
Privacyhttps://github.com/site/privacy
Securityhttps://github.com/security
Follow us on Xhttps://x.com/GitHubSecurity

Viewport: width=device-width, initial-scale=1


URLs of crawlers that visited me.