GitHub Codespaces
GitHub Codespaces provides cloud-hosted development environments that run in isolated containers on virtual machines.
Reports about excessive CPU, memory, disk, or storage consumption within a user’s own codespace are billing or quota concerns, not security vulnerabilities. This includes bypassing disk partition limitations within the codespace VM.
Codespace VMs may have access to cloud metadata services (for example, 169.254.169.254). Network access to and retrieval of metadata from these services within the same codespace VM is expected behavior and not eligible for a reward.
Reports are eligible only if metadata service access can be used to cross tenant boundaries, access another user’s codespace, access GitHub internal infrastructure, or otherwise violate Codespaces isolation guarantees.
Codespaces run user-defined environments configured via dev containers. Vulnerabilities in third-party packages, Docker images, VS Code extensions, or other software—whether pre-installed or added by the user or their dev container configuration—are the responsibility of the upstream maintainer and not eligible for a reward. This includes known CVEs in pre-installed dependencies.
A codespace will intentionally provide its user with elevated access including, but not limited to:
- root access within the container
- access to the Docker socket (docker.sock)
- ability to mount host directories via Docker Compose
- read access to VM-level resources such as /proc
This level of access within a user’s own codespace is expected by design and not eligible for a reward. However, if these capabilities can be used to access another user’s codespace, reach GitHub internal infrastructure, or otherwise cross the codespace’s VM isolation boundary, that would be in scope.