@adob discovered several flaws in our parsing of URLs for redirection. An attacker could have exploited these flaws to redirect users from GitHub.com to arbitrary sites. Some of the flaws also could have been abused to gain access to OAuth applications as another user. We have addressed this issue by improving our redirect URL checking.