On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution to protect users from an extremely rare, but potentially serious, security vulnerability affecting a very small number of GitHub.com sessions. On March 2, GitHub received an external report of anomalous behavior for their authenticated GitHub.com user session.
Read full article on Github