GitHub API

Synopsis

The GitHub API is used by thousands of developers and applications to programatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority.

The API is exposed via the original v3 REST interface and the newer v4 GraphQL interface.

Focus areas

• Privilege escalation via GitHub Apps or OAuth Apps
• Accessing private resources, without a repo-scoped token
• Accessing team discussions without a read:discussion-scoped token
• Bypassing GraphQL resource limitations
• Accessing SAML SSO protected organization data with an unauthorized personal access token
• Bypassing an organization’s OAuth Access Policy to allow untrusted apps to access organization resources

Recently collected GitHub API bounties:

1		2000 pts Kamil Hismatullin Secret Gist disclosure with scopeless OAuth token
2		5000 pts Kamil Hismatullin Bypass OAuth access policy on GraphQL API
3		5000 pts Patrick Recher Insufficient authorization check of GitHub App repo creation
4		500 pts Mark L. Smith List repositories API returns incorrectly cached response
5		1500 pts Aleksandr Dobkin<img src=404 onerror=alert(document.domain)> Cross-site scripting in Markdown API