1. Home
  3. Companies
  5. GitHub
GitHub

GitHub status: access issues and outage reports

Problems detected

Users are reporting problems related to: website down, sign in and errors.

Full Outage Map

GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

June 19: Problems at GitHub

GitHub is having issues since 11:00 PM AEST. Are you also affected? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

  • 69% Website Down (69%)
  • 19% Sign in (19%)
  • 13% Errors (13%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

CityProblem TypeReport Time
Créteil Website Down 4 days ago
Trichūr Errors 7 days ago
Brasília Sign in 8 days ago
Lyon Website Down 8 days ago
Tel Aviv Website Down 11 days ago
Rive-de-Gier Website Down 11 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

  • fraey0
    ƒrαeყ (@fraey0) reported

    it costs about $21/month to run what could become a multi-million dollar startup • human brain = reasoning (free) • claude = coding ($20/mo) • supabase = backend (free) • vercel = deployment (free) • namecheap = domain ($12/yr) • stripe = payments (2.9%/trx) • github = versioning (free) • resend = email (free) • clerk = auth (free) • cloudflare = DNS (free) • posthog = analytics (free) • sentry = error tracking (free) • upstash = redis (free) • pinecone = vector DB (free) everything sums up to roughly $20 to $25 per month so, the tools are not the barrier anymore. most ideas don’t fail because they’re expensive to build. they fail because they never get built at all. what’s stopping you?

  • meranaamkhann
    Asad (@meranaamkhann) reported

    Let's see what people are building these days!! Drop your project link or github Links down here

  • kelvinsekx
    Kelvinsekx (@kelvinsekx) reported

    Just read a nestjs codebase on github. Most it written with Claude. AI doesn’t save you guyz from mess. 1. Bloated logger. Why make logger a service when you could just import and initiate. Eazy 2. They didn’t hash the password before registering a user. But did on login

  • eth_ethpratik
    pratik.eth (@eth_ethpratik) reported

    @Shahules786 @VibrantLabsAI Hello @Shahules786 , I am trying to report a security vulnerability over the email id provided over GitHub Security.md file but apparently its wasn’t delivered. Please share an alternative email or open the advisory for reporting the issue.

  • eth0xzar
    0xstack (@eth0xzar) reported

    DON'T BUILD A COMPANY. BUILD SOMETHING PEOPLE CAN PAY FOR THIS WEEK. This girl started in February. A few months later, her product had already processed over $6,000 in payments. Just a cheat Claude project she decided to turn into a real product. Here's the process: > Build something useful for yourself. > Tell Claude to push it to GitHub. > Connect Supabase so multiple users can use it. > Deploy it with Vercel. > Connect Stripe. Now people can actually pay you. You don't need a revolutionary idea. You need: > GitHub > Supabase > Vercel > Stripe > guide from Anthropic And a problem worth solving. This article will help you build it 👇

  • TattedWorks
    Tatted (@TattedWorks) reported

    EDR missed it. WAF missed it. IAM missed it. Firewalls missed it. Because every step was authorized. Sentry accepted telemetry. The MCP call was permitted. The agent did what it was told. The npm download looked like every other npm download. Tenet calls this the Authorized Intent Chain. The security model is built to catch unauthorized behavior. This attack contains none. Sentry's response: acknowledged the issue. Declined to fix it. Called it "technically not defensible." Added a filter for one specific payload string. The attack class remains open. The lesson is not "stop using Sentry." The lesson is that every MCP integration returning externally influenced data to an agent creates this same vulnerability class. Support tickets. GitHub issues. Documentation. Error logs. All of it is now a potential command channel if your agent reads it. You don't need a smarter prompt. You need a boundary between data your agent inspects and instructions your agent obeys. That boundary doesn't exist by default. Tell me I'm wrong.

  • AtlanteanGnosis
    Atlantean Gnosis ☀️ (@AtlanteanGnosis) reported

    @DionysianAgent When I made an account it said I made it back in 2024, though I don't think I did, is this a glitch or a GitHub thing?

  • CryptoScoresCom
    Crypto Scores Rating (@CryptoScoresCom) reported

    Most projects say they're building. The commit history doesn't lie. New tutorial just dropped on the GitHub Commits (1 Year) metric. It tracks every bug fix, feature push, and doc update a project made over the last 12 months. Chainlink? 14,619 commits. Dogecoin? 28. Both are data points. What they mean depends on context. The tutorial breaks it all down. How to read the metric. What high vs low actually signals. How to filter 7,000+ projects by commit count on CryptoScores' website. Raw dev activity. No spin. Watch it now :

  • Trace_Cohen
    Trace Cohen (@Trace_Cohen) reported

    Shipping fast means stuff breaks silently - broken share images, dead links, leaking {{template}} vars, stale content. You find out when someone shares a broken link, not from a test. So I built a 3-part "site health" system that catches it first. The auditor (~200 lines of stdlib Python) fetches my sitemap and, for every page, checks: og:image actually resolves to a real image (entity-decode the URL first — & bit me), <title> exists and isn't a ${template} leak, no {{merge_tags}} or tracking cruft in the visible text, page returns 200 (catches dead routes in the sitemap), and warns on thin content. Outputs a JSON report, exits non-zero on any FAIL. The dashboard — a noindexed /health page that reads that JSON and renders a green/amber/red status, KPIs (audited / clean / warnings / failures), a per-section rollup, and the exact issue on each URL. One glance = "is everything green?" The loop — a GitHub Action runs the auditor 2×/day + on-demand, commits the fresh report (so the dashboard stays live), and fails the run on any FAIL → I get emailed. Find → fix → re-run → confirm green. It even taught me to whitelist false positives ({{firstName}} is legit on a cold-email page). Want your own? Paste this into Claude Code / Cursor — it learns your site first, then builds it for you: Build a site-health system tailored to MY site. Don't assume my structure — learn it first, then fill in the specifics yourself. PHASE 0 — LEARN MY SITE (before writing code): detect my framework/host/layout; find my sitemap; sample ~20-30 live pages across the sections you discover from my URL structure; figure out how my pages set <title>/og:image/meta (static?dynamic OG route? CMS?); identify where my content comes from (hand-written, generated, imported/scraped) — that's where cruft hides. Do a FIRST diagnostic pass and SHOW me what's actually broken vs intentional (broken OG images, dead sitemap routes, leaking {{vars}}/${template}, tracking params, thin pages). Ask me to confirm which "issues" are expected so we whitelist them. PHASE 1 — BUILD IT, customized to what you found: 1) scripts/site-audit.py (stdlib only) — hardcode MY real sitemap URL, MY section names (full-audit the important ones, sample the rest), and MY intentional-pattern whitelist from Phase 0. Check each page for the failure modes you actually observed (OG image resolves to a real image, entity-decode first; title present, no template leak; no leaking merge tags/ad params in visible text; HTTP 200; thin-content warn). Thread-pooled, retry transient errors once, --json report, exit 1 on FAIL. 2) a noindex /health dashboard reading that JSON (status banner, KPIs, per-section rollup, issue list) — match my design system. 3) CI (GitHub Action) — run 2x/day + on-demand, commit the fresh report so the dashboard stays live, fail the run on any FAIL. Then run it once and walk me through the first real report. Build the thing that watches the things.

  • cyber_razz
    Abdulkadir | Cybersecurity (@cyber_razz) reported

    AMD quietly removed RAM encryption from consumer Ryzen CPUs. Via a routine firmware update. No release notes. No advisory. No announcement. The BIOS setting still shows up. Still toggles on and off. Does absolutely nothing. A privacy-focused Linux hobbyist noticed in April. Spent months chasing it down. Filed a bug report on AMD’s GitHub. AMD engineers replied suggesting he toggle the setting off and back on. He showed them internal firmware dumps proving the flag was hardcoded to FALSE. An AMD senior principal engineer closed the thread with: “My apologies but I don’t have any more information to share on this topic.” That’s it. Seven weeks of investigation. Multiple motherboard vendors confirming it. Internal firmware evidence. AMD’s answer: no comment. The feature still works on Pro and EPYC chips. Which cost significantly more. The hardware is physically capable. The firmware just says no. Windows users have no way to detect this happened. There is no Windows tool that checks TSME status. The BIOS lies to you. AMD’s own engineers confirmed the feature worked on consumer chips in 2020. Then again in 2025. In 2026 it’s a PRO feature. Nobody told you.

  • immlollipop
    lollipop (@immlollipop) reported

    🚨HACKERS MOCK OZEMPIC MAKER FOR "NOVO123" PASSWORD Hackers breached Novo Nordisk in March via a stolen GitHub token and just leaked 264 GB of data while mocking its weak security. The attack ran for over 2 months. - The hackers say Novo Nordisk used simple passwords like "novo123" on critical systems - Source code and proprietary details on Ozempic and pipeline drugs were stolen - Clinical trial data on employees, doctors, and patients got exposed - Private internal AI models from the company were also taken This breach shows how a single weak password can bring down even the biggest names in pharma

  • jarradgrigg
    Jarrad Grigg (@jarradgrigg) reported

    You build stuff and host on GitHub pubically? Paste this into a coding-agent session and point it at your own GitHub account. This is happening way too much. ROTATE YOUR KEYS. Review my public GitHub repositories for accidentally exposed environment secrets. Scope: - Only inspect repositories I own or explicitly authorize. - Focus on public repos first. - Check current files and *** history. - Look for API keys, tokens, private keys, database URLs, OAuth secrets, webhooks, cloud credentials, .env files, config dumps, and hardcoded secrets. Safety rules: - Do not print full secrets in chat. - Redact values, showing only provider/type, file path, line, commit SHA if relevant, and a short masked prefix/suffix. - Do not test or validate secrets by calling third-party APIs. - Do not open PRs, issues, or comments that expose findings publicly. - If a likely secret is found, assume it is compromised and tell me to rotate or revoke it. Deliverable: - A prioritized report of confirmed or likely exposed secrets. - Exact repo/file/line/commit references. - Recommended rotation steps by provider. - Cleanup guidance for removing secrets from current files and *** history. - Prevention recommendations: .gitignore, env templates, secret scanning, pre-commit hooks, and CI checks.

  • TattedWorks
    Tatted (@TattedWorks) reported

    Sentry uses a public credential called a DSN — intentionally embedded in your website's JavaScript so browsers can report errors. By design. Everyone's DSN is findable. Censys, GitHub code search, a quick look at your source. No breach required. An attacker POSTs a fake error to your Sentry project using that DSN. Inside the error: a fake "Resolution" section, formatted in perfect Sentry markdown, complete with a recommended npx command. Your agent queries Sentry via MCP to fix unresolved issues. MCP hands it the injected event as trusted system output. The agent cannot tell a real crash from a planted one. So it runs the command. With your privileges. On your machine. What comes out: AWS keys. GitHub tokens. Docker credentials. Kubernetes cluster tokens. CI/CD secrets. *** credentials. All sent to the attacker's server while your terminal looked normal. The numbers from Tenet's controlled campaign: 2,388 organizations exposed with injectable DSNs. 85% exploitation success rate across Claude Code, Cursor, and Codex. A Fortune 500 enterprise with a $250B+ parent. A $2B+ hosting provider. Solo developers. A cloud security vendor. Six continents.

  • wispem_wantex
    wispem-wantex (@wispem_wantex) reported

    I think a reasonable compromise would be to henceforth hold Anthropic responsible for any security breaches or service outages. Every time Github goes down, Anthropic should be fined

  • ebubekirttr
    bek※ (@ebubekirttr) reported

    @Themadhushaw01 @0interestrates Yeah, but the thing is, I am not working on github and I don’t want to use it so any other repository support would be better like gitlab

  • RafalWachol
    Rafal Wachol 💙 (@RafalWachol) reported

    @itometeam @tsuyoshi_chujo I was playing with it and started creating issues on GitHub when I noticed something.

  • i_d_skp
    SOURAV PANDA (@i_d_skp) reported

    Scenario: You accidentally committed a plaintext database password to GitHub in a .tf file. Fix: Nuke the commit history immediately! Use environment variables (TF_VAR_db_pass) or fetch secrets dynamically at runtime from AWS Secrets Manager or HashiCorp Vault. 🔑 #Terraform

  • undefinedKi
    Yarchi (@undefinedKi) reported

    BORIS CHERNY, THE CREATOR OF CLAUDE CODE, JUST SOLVED AI'S BIGGEST PROBLEM. HE STOPPED PROMPTING CLAUDE AND STARTED WRITING LOOPS THAT RUN IT 24/7 The guy who built Claude Code doesn't prompt Claude anymore. He writes loops, and the loops do the prompting. It's called loop engineering. Here's what it is and how to set it up. A loop is a system that wakes itself up, finds work, does it, checks it, and repeats, while you watch instead of type. In Claude Code it's three built-in commands: > /loop runs a prompt on an interval. Example: /loop every 5 minutes, check for new GitHub issues and handle any that come in. > /goal makes the agent work until a condition you set is true, with a separate model grading the result. Example: /goal build this feature until all tests pass. > /routines are scheduled jobs. Example: every hour, wake up, read the spec doc, and do the next task. The fastest way to start: write a simple task list in a plan.md file, then tell Claude "use the loop skill and work through plan.md one task at a time." It sets up the /loop itself, does the first task, validates it, wakes itself for the next, and reports back when the list is done. You never write the loop prompt by hand. Three rules so it doesn't burn your budget or ship garbage. One, split work across separate sessions instead of looping in one (a long /loop bloats your context and overwhelms the model). Two, use a cheap model like Haiku for planning and a strong one only for the actual code. Three, keep a human checkpoint on anything that ships, never let it run all night unchecked. Bookmark this

  • rnagulapalle
    Raj Nagulapalle (@rnagulapalle) reported

    GitHub just shipped Agentic Workflows: write automation in plain markdown, compiles to Actions YAML. issue triage, CI failures, vuln fixes. hours → minutes. but 60% of orgs are spending millions on agentic AI while only 15% are actually production-ready. the capability gap closed fast. the readiness gap didn't move.

  • openmarmot
    Andrew (@openmarmot) reported

    @AndrewCurran_ I use grok every day to research software changes/github issues/software doc research. It is very good at real time data search. Might be SOTA in this niche. Hardly a failure. Meanwhile LeCun only surfaces to let out more hot air. A very forgettable person.

  • n_asuy
    nasuy (@n_asuy) reported

    i think @xai should be ADE. now they have a chat, cursor, enough coding models and harnesses, strong signal like bookmarks or down votes, video creatives, profile / chat / relationship contexts. if so, we don't have to depend on discord or any chat apps. easy to invite x people to cowork. there is no need to connect Linear, Slack, or GitHub to another platform and ask that platform to solve their problems. true AI chat is a SNS, not a single UI. there is a UX that only xAI can realistically build in the world.

  • ConsciousRide
    Akshay Shinde (@ConsciousRide) reported

    @theo This exact damaged app error has been open on their GitHub since February. OpenAI still hasn’t fixed the signing or update pipeline for the Mac build. The Codex app keeps getting new agent features while basic Mac packaging stays unreliable. Priorities are obvious.

  • RBiancoUS
    Financial Programmer (@RBiancoUS) reported

    A dose of reality for end of week. My biggest question is I can't find any reason for the $Gold panic- did they find gold is causing cancer or radioactive? Selling looks like sheer panic. Would you believe someone asks in DM, so how did *you* get so many followers. Then he lets me brew on it for a day and comes back, I was joking do you have a github, presumably to get some code. No wonder I worked alone. I'm challenged socially guess not alone. After a night of 3 scammers one from Nigeria, one Africa. I need to lock dm down or find a way to restrict

  • heynavtoor
    Nav Toor (@heynavtoor) reported

    There is a GitHub repo that defeats Google's Play Integrity check. 61,030 stars. GPL licensed. Pushed eight days ago. The repo is called Magisk. It roots your Android phone. It hides root from banking apps. It runs Netflix on a phone the Play Store says is uncertified. It passes the same fraud detection Google built to stop it. Here is the part that makes no sense. The man who built it is John Wu. He has been maintaining Magisk for nine years. Since November 2023 he has been a Senior Software Engineer at Google. On the Android Platform Security team. The exact team that builds Play Integrity. Google hired the person who defeats their root detection. He still ships the tool that defeats it. The repo is still online. It has not been taken down. For nine years. Do not install it. Your phone is supposed to belong to Google. (Link in the comments)

  • Teknium
    Teknium 🪽 (@Teknium) reported

    @majoragv Haven't heard of this issue. Do you have an issue on github?

  • UsernameAndStuf
    Mug Club Boutique (@UsernameAndStuf) reported

    @cyber_rekk A github token on a linux server they didn't update is how

  • CristianTrifan
    Cristian Trifan (@CristianTrifan) reported

    This took 4 hours to complete and burnt almost all 5 hours tokens – I was left with 2%. I had almost 30 sub-agents created for independent code review and a lot of Claude sessions ran for adversarial code review. I still had to review every PR and added minimal guidance to Codex from time to time. Codex said my intervention was low to moderate, but high leverage. — Some insights from Codex: The run showed that this workflow can work, but only if the coordinator treats GitHub as the source of truth. The most useful pattern was: issue -> PR -> current head SHA -> checks -> reviewThreads -> merge/issue closure. When I followed that, things stayed grounded. When state moved underneath me, like #335 being force-updated externally or merged while Claude was running, the only safe response was to refresh GitHub state immediately. The “don’t rebase after merges” correction was probably the highest-value intervention. Without it, an agent will naturally try to keep branches clean, but with many open PRs that creates a CI storm. For this repo, “behind” should often be reported, not fixed. The other strong lesson is that reviewThreads matter more than flat PR comments.

  • jessearmand
    Jesse (@jessearmand) reported

    I no longer remember why many companies started using gitlab before it went public when GitHub wasn’t owned by Microsoft. If we visit the majority of companies most tooling or software are top down driven. Only companies who build developer tools have a different mindset

  • mlcarldev
    Noonien Soong (@mlcarldev) reported

    Team @droid It's a bit unfortunate that something, likely in my local Droid installation, has stalled progress. This comes after 20 hours of brilliant, excellent planning and execution on the first 30% of this platform, where a stellar handoff procedure was created so I could start a new mission... which was the recommendation of the orchestrating agent in that first mission. Starting this second mission with a fresh context window, the agent again did a brilliant job planning the next milestones. It was extraordinary, detailed planning... but then it could not execute. After the planning and after me accepting the proposal, it refused to execute, throwing an error every time. The agent tried everything: 1. He decreased the size of the plan down to one line, so it is definitely not the content of the plan causing the issue. 2. He even deleted some mission and plan related json and other files to reset it while preserving all the information. I have restarted Droid and resumed the session, but it just doesn't work. I wrote a detailed, comprehensive bug report and filed it under issues in your GitHub repo, as this seems to be a real problem now. Issues #98 and #99 I hope that a next update will somehow reset my configuration. I didn't see a new version being installed that could have introduced a bug, so this must be something Droid does on such an extensive mission... perhaps when trying to start a new mission in the same repository, which is normal procedure according to the documentation. Something is off, and essentially I have been unable to continue the test since yesterday. I cannot continue having this platform coded here, while Opus Ultracode, on the other hand, has been delivering pretty functional stuff so far. It is a bit chaotic the way it works... it doesn't really stick to the plan... but it always comes back when reminded. I am pretty sure that today I will have a functioning platform delivered by Opus, though it will probably need some debugging and fine-tuning. It is unfortunate because I am confident GLM 5.2 could compete with Opus 4.8. The first stint showed this clearly; that first flawless 98% of the context window in the first mission was absolutely stellar. If I were to reinstall Droid from scratch, I assume I would lose all the artifacts that I have. The orchestrator: Key points to highlight when you pass it to Factory AI: 1. Root cause (smoking gun in the logs): the orchestrator session is bound to missionId 7ba4d425 via session tags, and this binding persists across CLI restarts. ProposeMission looks up that mission directory, finds nothing (because I deleted it trying to fix the issue), and crashes on H.length where H is the undefined result. 2. The bug is likely in session-tag lifecycle: the missionId tag is set at session creation time (before any ProposeMission call), so a failed proposal poisons the session permanently. The tag should be set AFTER a successful proposal, or cleared on restart if the referenced mission no longer exists. 3. The fix is almost certainly to start a completely fresh session (not --resume, and possibly in a new terminal window / after clearing ~/.factory/sessions/). I did not try this because you asked for the bug report first, but it is the most likely workaround on your side. 4. The AskUser tool is also broken in this session with a similar parse error, reinforcing that this is a session-state corruption issue, not a ProposeMission-specific bug. My comment: I meanwhiile tested. All the recommendations and the Ask User tool are now broken, even in completely unrelated new missions and new repositories. Planning also can't go to execution; it's always the same error. Droid seems to be broken for good now, at least on my computer.

  • IBuzovskyi
    YanXbt (@IBuzovskyi) reported

    HERMES AGENT CAN HOST AND MAINTAIN YOUR ENTIRE WEB APP FROM ONE VPS. NO VERCEL. NO RAILWAY. NO SUPABASE. ONE AGENT RUNS THE WHOLE STACK. @tonbistudio just shipped a live example of this workflow. agentwikis. com runs on a $7 Hetzner box with Hermes maintaining the content autonomously. THE STACK: → VPS (Hetzner CX22, $7/month) → Caddy reverse proxy (auto TLS via Let's Encrypt) → Hermes Agent gateway (Telegram-connected) → *** as the database (markdown files, no Postgres, no build step) → App server renders markdown on every request → Search index in memory, rebuilds on file change *** push is the deploy. *** pull on the server is instantly live. no restart, no rebuild. THE WORKSPACE LAYOUT: /srv/yoursite/ ├── app/ # web app code ├── content/ # markdown files (***-tracked) └── ~/.hermes/ # the agent one Caddy Vhost reverse proxies the domain to localhost. one Hermes profile manages the agent. SSH for direct access. Telegram for daily ops. THE SELF-MAINTAINING LOOP: cron fires every week. multi-profile pipeline runs: 1. SCOUT — checks sources for updates (changelogs, GitHub releases, RSS feeds) 2. RESEARCH — dedupes, plans new content or extensions to existing pages 3. HUMAN GATE — Telegram approval one tap: approve or reject 4. WRITER — generates pages, lints markdown 5. COMMIT — *** commit + push 6. SITE UPDATES — within 15 minutes no deploy step required THE DEMAND LOOP (the real differentiator): when agents query your wiki via MCP, distilled queries get logged. no prompts. no IPs. no identifying data. aggregates only. repeated misses become research candidates. gaps in your content fill themselves based on what people actually ask. month 1: 100 entries written by you. month 3: 200+ entries, half written from real demand signals. the site answers questions you didn't know existed. WHAT YOU LOSE COMPARED TO MANAGED STACK: a single VPS replaces Vercel, Railway, Supabase for sites that don't need real auth, regulated data, or global CDN. reach for managed services when you need: → OAuth and password reset flows → regulated or unrecoverable data → global edge caching at scale → email deliverability (use Postmark/Resend) → team velocity (preview deploys, staging) for docs, blogs, wikis, marketing pages, landing pages, internal tools: *** is your database, your CMS, and your deploy pipeline in one. SECURITY NOTES: Hermes does not get full root on the VPS. restrict access to the site directory only. SOUL.md restrictions: - never touch system files - never modify the gateway config - always require approval for content commits - never delete files outside the content folder dashboard binds to 127.0.0.1 by default. access remotely via SSH tunnel, not public exposure. WHERE THIS PATTERN BREAKS: state that lives in memory only. real-time multi-user editing. anything requiring a real database (Hermes can run Postgres on the same box, but that is a separate setup). @tonbistudio's part 2 covers the database version of this workflow. subscribe to his channel. full guide to build your 3 agent research department 👇