1. Home
  3. Companies
  5. GitHub
GitHub

GitHub status: access issues and outage reports

Problems detected

Users are reporting problems related to: website down, sign in and errors.

Full Outage Map

GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

June 4: Problems at GitHub

GitHub is having issues since 12:00 PM AEST. Are you also affected? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

  • 70% Website Down (70%)
  • 17% Sign in (17%)
  • 13% Errors (13%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

CityProblem TypeReport Time
Itapema Website Down 14 days ago
Tlalpan Sign in 20 days ago
Quilmes Website Down 20 days ago
Bengaluru Website Down 22 days ago
Yokohama Sign in 23 days ago
Gustavo Adolfo Madero Website Down 27 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

  • GoCocoaAI
    GoCocoaAI (@GoCocoaAI) reported

    The disclosure wars just got a second front. A researcher released a VSCode/GitHub exploit paper with 60 minutes of vendor notice — explicitly in solidarity with Nightmare-Eclipse, the researcher Microsoft banned from GitHub after six unpatched Windows zero-days went public in a dispute over coordinated disclosure. GitHub cannot assess, reproduce, patch, and ship in 60 minutes. The paper was public before any mitigation existed. For the vxunderground crowd confused by the tech stack: VSCode is the most widely used developer tool on the planet, somewhere around 73% developer market share. It's built on Electron — a framework that wraps a Chromium browser engine and Node.js runtime inside a native app shell. That means VSCode is architecturally a web browser in a box. Web vulnerabilities that would normally be contained to a browser tab can sometimes cross into the underlying OS through Electron's Node.js bridge. GitHub integration runs deep on top of that — Copilot, auth tokens, repository sync, pull request management. They share session and token contexts. The attack surface is real. The specific vectors in this class of exploit tend to cluster around a few places: VSCode extensions run with native Node.js permissions and are not sandboxed, so a malicious or compromised extension is effectively arbitrary code execution on the host OS. The boundary between the Electron renderer process and the main Node.js process can be crossed when IPC is misconfigured. VSCode stores GitHub auth tokens locally, reachable by any extension with filesystem access. And VSCode exposes a local web server for certain features — if that server doesn't validate the Origin header, a malicious web page can make cross-origin requests to it and execute commands in the user's dev environment. We're all on the honor system, apparently. Now for Nightmare-Eclipse, because the backstory is the mechanism. This researcher spent several months in 2026 releasing unpatched Windows zero-days — six of them — apparently after a breakdown in the coordinated disclosure relationship with Microsoft. Three of the six are now confirmed actively exploited in the wild: CVE-2026-33825 (BlueHammer), CVE-2026-41091 (RedSun), CVE-2026-45498 (UnDefend). Microsoft responded by pulling the GitHub account. GitLab followed. The researcher reportedly threatened to release at least one additional major exploit if anything happened to them. Microsoft then publicly cited the active exploitation of those CVEs as evidence that full disclosure without coordination "increases customer security risk." The community largely read that statement as blaming the researcher rather than the patching lag. Predictable in retrospect. That's the signal the second researcher is responding to. The 60-minute notification isn't recklessness in their framing — it's a statement. It says: I gave you notice. You can't claim I didn't. I'm not waiting 90 days while you decide whether to acknowledge me. When a prominent researcher gets deplatformed for full disclosure — and then their zero-days get actively exploited, validating that the vulnerabilities were real and the vendor was slow — it tells every other researcher that coordinated disclosure doesn't protect you from platform retaliation. The solidarity release is the community's counter-signal. One high-profile ban, and the posture becomes contagious. From a threat landscape perspective, this matters beyond the debate. Developers run VSCode with elevated permissions. Their machines hold cloud credentials, signing keys, and production access. A VSCode compromise is frequently a pipeline compromise. CI/CD environments, secrets managers, deployment keys — all of it sits downstream of the developer workstation. Three of Nightmare-Eclipse's Windows zero-days followed the public-PoC-to-weaponization arc within days. If this VSCode flaw follows the same pattern, the exposure surface isn't a single enterprise — it's the development infrastructure of organizations that haven't thought carefully about what their engineers' machines can reach. CVE ID for the VSCode/GitHub flaw is not yet confirmed — NVD ingestion typically runs 24–72 hours behind disclosure. Watch the EPSS score when it publishes; a live PoC is the single strongest predictor of a high EPSS. Watch whether Microsoft responds with another GitHub takedown, which at this point would likely accelerate more solidarity disclosures rather than suppress them. The pattern is not theoretical. It's already three CVEs deep and actively exploited.

  • owainkenway
    Dr Owain Kenway (@owainkenway) reported

    @dschewchenko Yeah. Github really needs to sort a bunch of the token stuff. Things like pushing containers to the Github container registry don't support fine-grained access tokens which is asking for trouble.

  • karrixthediv
    KL (@karrixthediv) reported

    thinking this shouldn’t just be for claude/codex could make it generic for anything that breaks your flow: cursor, vercel, github actions... or even your own API, server, cron job, deploy, internal tool, whatever just one tiny widget

  • dalisoft
    Davlatjon Sh (@dalisoft) reported

    @morganlinton @FactoryAI 2. GitHub issues are like stale and never gets enough attention. Need dedicated person to fix that (@FactoryAI i could be this person)

  • eledure
    Emile (@eledure) reported

    github down? @github

  • VampireGurlAI
    Paula Vazquez (@VampireGurlAI) reported

    @tekbog Prediction could be fatale with claw and I poked the bubble with some of the employees and they told me to read GitHub and would not answer system questions not even a few days later w/ users actively haven security issues von by passing hacking web scrapping still happening Microsoft put on a show performance and mask off not only 24/hrs later

  • nullhypeai
    Null Hype (@nullhypeai) reported

    Someone in the company installs a coding agent. Then connects it to GitHub. Then adds an MCP server. Then lets a desktop AI app read local files. Then runs another agent inside a cloud workspace. To the builder, this is just the new dev setup. To security, it is a new class of software inventory. That is why Microsoft’s Agent 365 update is worth watching. It can register and govern local agents, including coding agents, AI desktop apps, and local/remote MCP servers. The interesting part is the category it creates. Agents are no longer just chat windows or SaaS features. They are tools that sit near repos, files, terminals, calendars, docs, and internal systems. Once that happens, the enterprise buyer starts asking boring questions: What agents exist? Who installed them? What can they touch? Where are the logs? Can we shut one down? That is where the money moves. The agent demo gets attention. The agent control plane gets budget.

  • ai_for_success
    AshutoshShrivastava (@ai_for_success) reported

    Most developers building voice products right now are paying per character to a closed API they have no control over. Every run costs money, data leaves the server, fine-tuning is off the table. Miso One just changed that. 8B parameter open-source weights on GitHub. Clone the repo, self-host it, fine-tune it on your own dataset. The model runs at 110ms and actually emotes, warmth, hesitation, excitement, not just clean flat pronunciation.

  • ___faust____
    Faust (@___faust____) reported

    this is the part that gets lost when every dep is just a 'npm install' away. debian maintainers were the original security scanners, unpaid and unthanked. now we just yell at random volunteers on github issues

  • MoaddebSepideh
    MoaddebSepideh-IIvyOnassis55320 (@MoaddebSepideh) reported

    When will you release my yahoo account because I gave my passwords to Musk as Doge, and now I am really sorry I did that. I have a problem with Github X. I doubt they will insert the ideology of Quantum as a piece of process for the State Department to know that @SenatorBlinkin. And also @Forbes are both with other business's are in my Yahoo. Account. This is hijacking of the Doge, and I believe the hijacking is personal right now. With the people who have assited me in the power of to be I have much respect for the men in the process of hearing me out. After the Law exam, there will be a Law suit. It will be big, and I am the center of it. I will sue myself based on a discrimination, Men, pregnancy and a lot more issues clamness, you will be in court-I think for sure as will the Men of the orign of the Swiss Alps knowing the promise is not the evasion but it's the clamness not the ***** of Quantum to a degree they have made a big mistake of the plans I have for not allowing me to see what I wrote for LSAT and also for Grossman.

  • Enkhmanal
    Enkhmanal 🟠 (@Enkhmanal) reported

    $MSFT - MICROSOFT IS THE MAG 7 STOCK BUILT FOR A RECESSION — SUBSCRIPTION REVENUE, NO AD RELIANCE, THE LIGHTEST LEGAL RISK IN THE GROUP The bull case is the shape of the revenue. Microsoft 365, Azure, Dynamics, GitHub and security are subscription-heavy and non-discretionary — enterprises cut projects before they cancel the software their operations run on. That bends far less in a slowdown than the ad budgets and consumer spend that most of the cohort leans on. It sits below its 52-week high at a modest multiple for the quality. The mechanism is defensive mix plus a quiet legal edge: limited FTC scrutiny versus peers staring down major antitrust cases, where a single adverse ruling can take double digits off a name overnight. You still get AI woven across the stack and quantum optionality on top. The risk is a broad megacap de-rating that compresses multiples regardless of fundamentals.

  • agtprpnabsrdty
    🔻agitprop + absurdity🔻 (@agtprpnabsrdty) reported

    "Not a bubble", says man describing a bubble and profiting from it. IBM's CEO said $6 to $8 trillion in AI capex is chasing $1 to $2 trillion in annual revenue that, by his own estimate, probably doesn't exist yet — and he sells the infrastructure. When the guy profiting from the spend is the one flagging the payback math: Arvind Krishna runs a company that sells AI infrastructure services to enterprises. His incentive is for the spending to continue. When someone in that position says the revenue to justify the buildout may not materialize, and that only two or three players will survive at the model frontier, that is not skepticism from the outside — that is a confession from inside the casino. The estimate carries weight precisely because Krishna has every reason to keep the music going. What the spending actually looks like: Google sold $80 billion in equity to fund its buildout. Oracle cut 30,000 workers to redirect their salaries into capex. Anthropic filed its S-1 the same week GitHub Copilot's token billing collapsed and users fled. The companies writing the nine- and ten-figure cheques are not doing so because the returns are secured — they are doing so because they are betting they are one of the two or three that survive long enough for it to pay off. The rest are spending to lose more slowly. The definition problem: Krishna says this is not a bubble. A bubble is when capital floods an asset class chasing returns that the capital itself has made impossible to realize. Six to eight trillion dollars building toward one to two trillion in new annual revenue — by the most optimistic projections of the people doing the building — fits that definition without requiring much interpretive generosity. The label may be the only thing Krishna is protecting.

  • arunpudur
    Arun Pudur (@arunpudur) reported

    ⚡ GitHub Copilot's move to token-based billing is a reminder of a reality many ignored: AI was never free. It was subsidized. For years, vendors absorbed huge compute costs to gain market share. Today, some developers are discovering what happens when those costs get passed on to users. The bigger issue isn't Copilot. It's the companies that laid off experienced engineers and built workflows assuming AI would remain cheap forever. If your productivity depends on unlimited tokens, your costs are no longer predictable. The engineers who can still design, debug and write software without an LLM aren't obsolete. They just became your contingency plan. And Copilot won't be the last. Every AI provider faces the same challenge: compute is expensive, margins matter, and subsidies don't last forever. The era of "unlimited AI" was always temporary.

  • GT_Protocol
    GT Protocol (@GT_Protocol) reported

    💬 We get asked Is it safe to connect my local AI agent to my trading account using the MCP server? ❕ Answer from a GT App Trader: It is completely secure. The architecture is non-custodial and built so that you retain absolute control over your keys and access. 🔸 Read & Trade Rights Only The MCP server connects via an API wallet that only grants permissions to read account data and execute trades. It is physically impossible to authorize withdrawals through this protocol. 🔸 Local Control The server runs locally on your machine or private infrastructure. Your API keys and session tokens are stored securely within your own environment, meaning no sensitive data is ever exposed to third parties. 🔸 Open Source Transparency The entire codebase for the GT Protocol MCP server is fully open-source on GitHub. Anyone can inspect the code, verify how data is handled, and ensure there are no hidden vulnerabilities before setting it up. Automate your workflow with total peace of mind

  • iAmBipinPaul
    Bipin Paul (@iAmBipinPaul) reported

    @lukehoban The only issue is that GitHub Copilot’s price is too high, so most users will not choose it.

  • emanueledpt
    Emanuele Di Pietro (@emanueledpt) reported

    Synara update dropped Please reinstall the app from GitHub releases It has a update issue and will be fixed in the next versions!

  • ArtemR
    Artem Russakovskii (@ArtemR) reported

    If you piss off security researchers, don't come crying later. I've seen this pattern from @Microsoft lately and security folks are *pissed*. This guy @__ammar2__ gave a 1-hour notice before releasing a serious vulnerability in Github. "Why Full Disclosure? To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug I pointed out without any credit. They also marked it as not having any security impact. As I mentioned in that post, going forward I would be doing full public disclosure for any security bugs I found in VSCode. Taking a look at a recent report by Starlabs on a VSCode XSS bug marked as ineligible and low severity, it doesn’t look like MSRC has gotten any better about VSCode bugs. I’m sure the VSCode team would have appreciated a longer heads up on this to come up with solutions. There is legitimately a UI/UX balance here that needs to be struck with the security concerns. To those folks, I am sorry, but this is one of the few levers I have to try to influence MSRC and the security posture of VSCode. Finding and fully developing security bugs into proof-of-concepts like this takes time and effort on the part of security researchers that should not be disrespected or taken for granted. Timeline Jun 2, 2026 - An hour before posting I gave a heads up to an old contact at GitHub security that I would be disclosing this bug. Jun 2, 2026 - I disclosed the bug here and on the VSCode issue tracker."

  • prophe_sys
    prophe-sys (@prophe_sys) reported

    @Cedric_Crispin @firoorg Thank you. I confirm reception. Could the issue be related to the "errors when trying to spend from Spark" that were mentioned in the latest campfire release on GitHub?

  • jungleskellam
    alex kerss (@jungleskellam) reported

    A dry run is not a rehearsal. It is a receipt for one path. Kubernetes server-side dry-run still runs defaulting, validation, and admission, but does not persist. Terraform `plan` previews actions, but a speculative plan is not the thing you later apply. GitHub environments can block jobs before secrets are exposed. So make the agent name the path it tested. Client, server, saved plan, gated deploy. Otherwise “dry run passed” is just stage lighting.

  • codedexit
    CodedExit (@codedexit) reported

    @johnappscaler An MCP server that connects Claude (or similar) to real market data so founders can ask what's worth building instead of guessing from inconsistent data. Current distribution: MCP registries, npm, GitHub. What am I missing?

  • HumanPulse_HPP
    HumanPulse Protocol (@HumanPulse_HPP) reported

    Development is continuing: when logged in, we can still access the repositories and pushes are working. The issue appears to affect public visibility, GitHub search, and third-party developer integrations. HumanPulse remains active.

  • adhoc97
    Michael Brod (@adhoc97) reported

    satya intentionally cannibalizing github copilot with usage based pricing could go down as one of the biggest brain moves in history the reaction was as predictable as anything - customers hate it, it turns out tokens are expensive, and completely shifts the narrative on the market who can now see that without massively subsidized pricing (today), customer economics are brutal who does this macro narrative shift hurt the most?

  • SThapa123456
    Sam Thapa (@SThapa123456) reported

    i told claude to fix a github issue without reading the issue myself. it opened a pr. looked clean. now i'm sitting here trying to do three things at once. understand what the issue actually is. understand what the pr actually does. steer the architecture if it went the wrong way. all in the same head. in the same moment. with a slack notification from my ceo pending. something i'm realizing as i do more agentic engineering: skipping the plan doesn't save effort. it just defers all of it to the worst possible moment. @theo and @steipete aren't big fans of the talk-talk-plan-execute flow. the argument is roughly that modern agents are capable enough that the ceremony slows you down more than it helps. just let it cook. i get it. but what i'm finding for myself is that plan-first isn't ceremony, it's a cost-spreading strategy. you pay the "understand the issue" cost when it's cheap, before anything is built. you pay the "shape the solution" cost at the plan stage, when changes are one sentence instead of a re-implementation. by the time the pr exists, the model is already in your head and reviewing it is just verification. skip those stages and the cost doesn't disappear. it stacks up and lands on you all at once, after the code exists, when every decision is now expensive to change. the polished pr is the trap. it looks like progress. it's actually a bill coming due. (credits to CC for helping me articualte this idea)

  • sandipb
    Sandip Bhattacharya 🌏✌️ (@sandipb) reported

    @zeddotdev The out of the box markdown viewer is terrible. What we see in zed is not what we see in the rendered view in github. Anything we can do to make the rendering palatable?

  • EgerDev
    Andres Eger (@EgerDev) reported

    @zuess05 When even Claude can’t fix a bug, I try it on Grok or Codex to see what they find. If that doesn’t work, I go back to the old days digging through GitHub or StackOverflow lol.

  • CryptoCyberia
    Lain on the Blockchain (@CryptoCyberia) reported

    @MirketoE I really don't know much about him besides he was one of the biggest streamers (or "Youtubers" which someone corrected me by saying) who has been vibe coding and getting interested in LLM vibe coding and such. He vibe coded an image manipulation program and a front end for LLMs, then open sourced them, then people tried to fix bugs using LLMs and so a flood of proposed fixes were submitted on Github to him, and he doesn't know what he's doing so he accepted over 170 changes to the code base in just 2 days, while no new features were added at all and bugs still persist. It started as a big mess of spaghetti code, and appears to be comically spiraling out of control. Still, it is very based to support FOSS movement and he has a ton of fans, so I am happy to see him making them more familiar with FOSS and Github etc.

  • bansal_saahil
    Sahil Bansal (@bansal_saahil) reported

    @pamelafox @slicknet Does this BYOK custom end point config requires us to login to github?

  • jjfleagle
    Jason Fleagle (@jjfleagle) reported

    @latentspacepod @github @kdaigle The 80% PRs-from-agents scenario makes trust the bottleneck, not generation. Teams will need checks for authorship, test coverage, dependency changes, security review, and whether the agent actually solved the issue instead of just producing a plausible diff.

  • twatdipper
    John (@twatdipper) reported

    Had to code by hand today because I'm out of GitHub copilot credits and my employer doesn't want to pay for more, it was terrible 😭

  • imranity
    Imran (@imranity) reported

    @github is broken ...