stored xss bug
create a public repo and create a issue .
now in issue upload a html file with xss payload inside.
When any user view the repo and click the attachment link then xss is executed .
you can upload https://github.com/ranjit-git/poc/edit/master/evilsvgfile.svg this file also
https://drive.google.com/file/d/11wxTj8ILFLxRe2uoAvQ_39i7Hqa1tWHI/view?usp=sharing