@tunz found that malicious github-mac: URLs could be crafted, leading to arbitrary remote code execution when visited by users. This vulnerability was fixed in version 207 of the GitHub for Mac application.
github-mac: