• Webhooks might be discarded and review are not performed under some circumstances
• Inability to sign up via GitHub, when your user doesn't have any email address associated with it
• XSS prevention might flag incorrect detections (false positives) in Visualforce pages in some circumstances