How do I report a big number of repos?

[dominik-tietz]

Select Topic Area

Question

Body

Hi, I've found a repo spreading malware. After reporting it I found a way to use search to find 121 more repos which do the same. Of course I can't report all of them manually, and I can't find a way to get in contact with the support. Can anybody tell me how I can report it the right way?
Thanks

[IlluMinati-Github]

Hi, good job spotting that. For bulk reporting, the best way is to contact GitHub Support directly: https://support.github.com/contact

Include the list of repos and how you found them. The Trust & Safety team will handle it from there.

Thanks for helping keep the community safe!

[kingck9457]

SOR 點錯回復

[dushyant4665]

Hey!
If you want to report a lot of repositories at once, you can try making a list of all the repo links and send them to GitHub Support using their contact page: https://support.github.com/contact
There isn’t a bulk report option directly on GitHub, so just explain your issue and paste all repo links together.
Hope this helps!

[Fabian1803]

Good catch, and thanks for taking the time to report it.

If you’ve found a large number of repositories spreading malware, reporting them one by one isn’t practical. The best approach is to contact GitHub Support directly and provide a clear explanation, along with one or two example repos and the search query you used to find the rest. That way, their team can investigate the full scope more efficiently.

Appreciate you helping keep the platform safe.

[dominik-tietz]

Hi, first of all thanks for the answers. The Problem I'm having is that I can't find a way to contact the support. If I click on "create ticket" I get redirected to https://support.github.com/request and there are a bunch of options I can select but all of them just redirect to the docs or the community forum. So how exactly can I contact the support? I only have github free.

[shinybrightstar]

Hi @dominik-tietz 👋🏻 We really appreciate you flagging this.

We currently don't have a way to mass-report accounts, but we encourage users to continue flagging abuse through our current reporting tools. We’ll share this feedback with our internal teams.

The abuse reporting tools we have in GitHub are as follows:

• Reporting abuse or spam
• Reporting a user
• Reporting an issue or pull request
• Reporting a comment

You can report behavior and content that violates community guidelines and terms. For this and any future incidents, please refer to the links above.

Thank you!

[tozfek]

I have found that this does not work. I have tried multiple times to report repos that have adult and explicit content and they are not being removed. I have provided the repos, search results and even the search criteria. All forked repos should also be purged.

Additionally. I cannot report an issue since the ... does not provide me the option. This issue should be deleted since it 1) violates github code of conduct and rules 2) is the first search result in google. I also recommend purging all adult streams from your git history to avoid being flagged as containing sexually explicit content. For legitimate repos that no longer house adult content and are maintained they should have the ability to rebase their codebase.

[KushanRuwanPathirana]

1️⃣ For individual repos
You already know: you can click Report abuse on the repo page → Report content → pick Malware or exploits.
But obviously you shouldn’t have to do that 121 times.

2️⃣ For multiple repos or broader abuse
When it’s many repos or a coordinated attack, GitHub wants you to escalate:
Use GitHub’s dedicated abuse and DMCA form:

👉 [GitHub Support Contact – Abuse] (https://github.com/contact/report-abuse)
OR email: abuse@github.com

What to include in your report:

A clear description: “I’ve found a network of 121 repos distributing the same malware.”

How you found them (e.g. a search link or keywords).

Examples: links to 5–10 of them.

Any evidence: files, indicators of compromise, how they spread malware.

You don’t have to list all 121 in detail — just show a pattern. The Trust & Safety team will investigate the rest themselves.

✅ 3️⃣ If it’s urgent or high impact
If you believe it’s serious (e.g. active malware with potential to infect developers), you can also tag:

security@github.com — if it’s an actual vulnerability or exploit.

Or open a GitHub Support ticket here: https://support.github.com/contact → Choose “Report abuse or spam”.

[tozfek]

1. not applicable

2. abuse@github.com is no longer monitored and the GitHub Support Contact – Abuse page redirects to a list of ways to report content without a way to actually report it for edge cases that are not applicable

3. This is not a security threat but I can try to forward my email along.

[somehundred]

Send an email to noc@github.com. It's listed as official abuse contact in WHOIS and is being monitored.

[kingck9457]

downloaded a ZIP file from this GitHub repository, and Windows Defender immediately detected it as a trojan virus. In the repository: https://github.com/Ctrl-Alt-Del-1/oh-my-opencode-slim I found a directly downloadable ZIP file at: https://raw.githubusercontent.com/Ctrl-Alt-Del-1/oh-my-opencode-slim/master/src/config/slim_my_oh_opencode_v3.5-beta.2.zip This ZIP file is not published through official GitHub Releases, but instead exists in the repository source tree, making it easily downloadable via raw.githubusercontent.com. This is a high-risk distribution method. I have attached a screenshot of the Windows Defender detection. After extracting the ZIP, Windows Defender immediately quarantined 'java.exe' and reported "Trojan:Win64/Lazy.PGPK!MTB". Please investigate and remove this malicious file to protect other users. Thank you! src="https://raw.githubusercontent.com/Ctrl-Alt-Del-1/oh-my-opencode-slim/master/src/config/slim_my_oh_opencode_v3.5-beta.2.zip" In addition, according to Article 16 of the Digital Services Act (DSA), this content is illegal within the territory of a Member State of the European Union. I urge you to take prompt action to protect users in the EU and worldwide. As a user who previously downloaded a similar file and then experienced a Blue Screen of Death (BSOD) on my computer within a week, I am very concerned about further harm to others. Windows Defender BUG_20260326_205142.md
我不懂英文 我已經問好幾個AI了 我剛檢舉完 這種類型的 我前陣子有下載並且點擊後什麼反應都沒有,不到一個禮拜就藍屏 說記憶體損壞
以前我是沒有再開防毒的!
這次我又看到這種的模式 我直接先開防毒後才解壓縮!