@alokmenghrajani notified us about a potential vulnerability that could allow certain responses from our servers to be treated by the browser as a Flash file. An exploit of this could allow an attacker to host a specially crafted Flash applet on GitHub.com, allowing for XSS or other attacks. We addressed this issue by improving our input validation and by modifying the servers’ responses to ensure that they wouldn’t be treated as Flash files.