@arirubinstein reported that the management interface to an internal IRC server was publicly accessible, though authentication was required. Any vulnerability in this software that could be exploited without authentication could have been exploited remotely. We addressed this issue by removing this service from the internet.
@arirubinstein reported a reflected XSS vulnerability in the error message of an internal GitHub application. This vulnerability was mitigated by not reflecting user-supplied input in the error message.