Report security finding in GitHub itself

[mbld]

Select Topic Area

Bug

Body

Hello, I probably discovered a critical security issue in GitHub itself. What is the best way to get in touch with someone from GitHub to discuss and analyze the finding?

[davevad93]

Hi @mbld , take a look at this:

• About coordinated disclosure of security vulnerabilities

If you have found a vulnerability, you can submit it here:

• GitHub Bug Bounty: GitHub Security

[mbld]

Hi, @davevad93 thanks for pointing this out. I already filed it as bug to the bounty program. But I am worried that the potential vulnerability will be disclosed before GitHub triages my bug report. Because I had to report it to another affected party as well. This means besides of me there are multiple people informed about this potential security vulnerability. All of them agreed to keep it private but I cannot guarantee for everyone to behave in a "fair" way.

If anyone has option to raise visibility/priority of my bug report with ID 2478262 that would make calm me down.