pull down to refresh

One could argue that $30k is not enough for a CVSS score of 10 but I don’t know
update: even the article mentions $30k as conservative
Though, even $30,000 might be conservative. "The upper bound for critical vulnerabilities is only a guideline, and GitHub may reward higher amounts for exceptional reports," GitHub says. Since this was a maximum severity security hole, the person who found it might have been paid very generously indeed.
So maybe they were paid more