In the upper-right corner of any page, click your profile photo, then click Settings.
In the left sidebar, click Applications.
Click the Authorized OAuth Apps tab.
Review the tokens that have access to your account. For those that you don't recognize or that are out-of-date, click , then click Revoke. To revoke all tokens, click Revoke all.
Reviewing your authorized applications (OAuth)
You should review your authorized applications to verify that no new applications with expansive permissions are authorized, such as those that have access to your private repositories.