GitHub status: access issues and outage reports
Problems detected
Users are reporting problems related to: website down, sign in and errors.
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Problems in the last 24 hours
The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
May 21: Problems at GitHub
GitHub is having issues since 07:40 PM AEST. Are you also affected? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by GitHub users through our website.
- Website Down (65%)
- Sign in (18%)
- Errors (18%)
Live Outage Map
The most recent GitHub outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Website Down | 22 hours ago |
|
|
Sign in | 7 days ago |
|
|
Website Down | 7 days ago |
|
|
Website Down | 9 days ago |
|
|
Sign in | 9 days ago |
|
|
Website Down | 13 days ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
smart web3 boy (@smart_web3boy) reportedGitHub hack (3,800 repos exposed) started from a malicious VS Code extension on an employee laptop. Compflow can’t fix your devs’ machines yet. But it does: • Find & auto-fix over-privileged IAM roles • Enforce MFA + least privilege • Create immutable hashed audit trails.
-
Alex Rogov (@Alex_Rogov_js) reported@mattjay Same problem we're solving post-GitHub/Nx Console hack. Two layers: first, CLAUDE.md rule "never add new dependencies without explicit approval". The agent asks instead of installs. Second, a pre-commit hook running `npm audit --audit-level=high` before any dependency change lands. Doesn't catch everything, but it narrows the blast radius.
-
Nexus Prime (@NexusPrime1112) reported@Ace_KYD @github @Ace_KYD Which would you fix first: onboarding, reliability, or pricing? #DevTools #OpenSource
-
Qanapi (@Qanapi) reportedWhat if...hear us out...this information was encrypted before it could ever get to GitHub? We can't fix human behavior, but we can definitely make the credentials useless to anyone trying to view/use them
-
Kai Hendry (@kaihendry) reported@_beyondcode @pierrecomputer So it's more of a problem that Github aren't fixing their product?
-
gavin leech (Non-Reasoning) (@gleech) reported@chrislakin @tszzl crappy: aella twitter poll crappy: Cloudflare/Github/etc uptime cool: number of JS console errors in random sample of sites and machines
-
Noah Gallagher (@NoahGallagher0) reported@JonBuildsHQ I don't know if you have seen my past comments talking about wanting to start Build-in-public posting but didn't have the time, I thought about it and realised it could be a problem others are having. So basically my idea is to create a tool that turns GitHub commits into posts.
-
Maksim (@MaksimXBT) reported@hi_vecna github links often get taken down
-
21st Century Digital Boy (@TonhaoSemAcento) reported@vxunderground I bet that TeamPCP did this to fix github downtime
-
null ∅ set (@the_void_is_nil) reported@github This is what happens when you ignore the problems around centralization that *** was literally written to solve lolllll
-
ken (@aquariusacquah) reportedsneaky github trying to fix declining open source usage by making their biggest private repos public
-
VT (@VT_MGR) reported@xkem0x @OfficialEgator6 Would it be on github or in a discord server
-
Andrea Grassi (@andrea_sdl) reportedGitHub was compromised via a poisoned VS Code extension. Now more than ever is important to build awareness about of supply chain attacks. Here are my thoughts and 5 questions that I always use. We still don’t know whether this attack happened through an upgrade or a fresh install, but it’s a strong reminder that we’re more susceptible than ever to these attacks. We trust auto-updates from so many sources, yet history has shown that those sources can later be owned by different entities or, worse, malicious actors. A trusted store, like the iOS App Store, is one solution. Not the only one, and definitely not a perfect one. We need more than that because, as AI adoption spreads, we’ll need to audit even more systems, tools, and dependencies. Here are some questions I always ask myself before installing a new extension or software: 1. Is the source trusted? Is it from an open source developer? How many users are using the software? 2. Is it new, or does it have a long history of updates and maintenance? 3. Is it from the actual company behind the product, or from an independent developer or another company? 4. Are there fake versions? If so, verify the right one and don’t trust the first result you find. Nanoclaw had this issue, where a fake version was distributed under the same name on a different domain. 5. If they’re big enough, do they have a proper security reporting flow and a way to report vulnerabilities? These questions won’t protect you from every attack, but they give you a good starting point.
-
Sidhu Sith Roy (@sidhusithroy) reported@github Every few months the entire dev community gets collective trust issues again.
-
AMLBot (@AMLBotHQ) reportedAnother reminder that everything that you store in cloud you are storing on somebody's else server or PC. GitHub has suffered from an attack -- comprimised employee device was used to access private repos, with some sources reporting more than 3800 repos affected. Delete your API keys and other sensitive data, and stay safe!
-
Guilherme (@guilherme_addr) reported@osanseviero fix aistudo github integration when ? it never worked
-
Rajaniraiyn (@rajaniraiyn) reportedGithub = Skill Issue Hence proved.
-
UFUBO. (@ufubo) reported@2600Hz_ @github Dang, not email but I got a login approval request for OneDrive on my phone the previous day.
-
hal (@TWlTTERDOTEDU) reportedwe observed meltdowns in 65% of traces with simulated errors an agent gets 429s fetching data. instead of stopping, it cache-busts, probes directories, hits Internet Archive, finds the owner's resume via proxy, gets their github+linkedin, and emails them asking for data. (4/11)
-
Aaryan Bansal ✗ (@NotUnHackable) reportedthey know that these vibe coder's who make their server's go down every minute will download them accidentally and then blame GitHub, OR GitHub is doing a escape strategy to slowly exit out of GitHub and save themselves from bankruptcy for some reason
-
AdiiX (@adiix_official) reportedONE GITHUB REPO AND $5 BILLION IN 5 YEARS. Two guys from New Zealand took open-source code and built the backend now powering Netflix, Microsoft, Coinbase, and Uber. Paul Copplestone CEO and co-founder of Supabase breaks down in 46 minutes how they actually pulled it off. save this and watch it.
-
Poye Kitoye (@EgaamPoyeKitoye) reported@honour_can_code They don't know the damage it could cause if a company like GitHub goes down
-
Lenny Pruss (@lennypruss) reported@reidRMC Fair distinction! Github is certainly melting down but I'd argue much of that is due to some fundamental architectural issues with ***. Beyond that, *** itself isn't particularly agent-friendly!
-
Avatier (@Avatier) reported@CISAgov @github Security controls must be NON-BYPASSABLE. If users can turn off the protection meant to secure them, you have a problem. It becomes security theater. We must design systems where the secure path is the easiest path. Otherwise, workarounds multiply.
-
Charles🪐 (@CharlesFreemvn) reportedUpdate on that GitHub supply chain attack They confirmed ~3,800 internal repos got hit via a poisoned VS Code extension on an employee's machine. Lesson? Even big tech slips on basic extension hygiene. My rule: Only install from verified publishers + review permissions every time. This got me thinking… How many of y’all actually review VS Code extensions before installing? But here’s the bigger issue a lot of you pointed out VS Code (and Microsoft) make it too easy to just click “Allow” once and forget. There’s no clear visibility into what an extension is actually doing in the background — especially network access, data collection, or where it’s phoning home. Microsoft has the biggest developer platform in the world. They should step up and give users real transparency tools: • Clear breakdown of what each permission actually allows • Easy way to see network activity per extension • Better warnings before granting broad access Until then, we’re all just trusting checkboxes. Who else feels Microsoft needs to improve extension security visibility on their end? Drop your thoughts #CyberSecurity #VSCode #PCFix
-
LeanCTX (@leanctx) reportedCrossed 860 GitHub stars on lean-ctx. Wild that something I built to fix my own token bill is now used by thousands of devs.
-
karla (@karlarboledas) reporteda company that raised $32M just open sourced their entire product for free. It's called cal .diy. The Cal .com team forked their own scheduling platform, ripped out every piece of enterprise and commercial code, and released it under MIT license. 43.6K GitHub stars. And counting. Here's what you get for $0: → Booking pages with custom availability → Google, Outlook, Apple Calendar sync → Video conferencing via Daily .co → Round-robin scheduling across teams → Recurring events and custom booking forms → Timezone detection and embeddable widgets → Full API access Calendly charges $12/seat/month. SavvyCal charges $12/seat/month. Cal .com's hosted version starts at $15/month. cal .diy does the same thing for nothing. No license key. No feature gates. No user limits. No seat pricing. Self-hosted on your own server. Your scheduling data never leaves your machine. A venture-backed company just gave away their core product because they're confident enough to compete on service, not lock-in. That's the most dangerous kind of open source. 100% Open Source. MIT License. ( Link in comments )
-
Origin (@orgn_official) reportedGitHub was hacked through a malicious VS Code extension, and it wasn’t a sophisticated attack... It came down to trust in the IDE, and that detail matters more than you think if you are a developer. Here’s what you can learn from it:
-
Matt (@stacks0x_) reported@n_codetradez @sethwbarton @github This was a employee security posture issue. Between the breadth of access and the lack of security policies on tooling it was a recipe for disaster. 2FA would not have solved this issue. I do agree that it should be a requirement but it is not a fix-all solution.
-
Nobody (@jisoo_1995) reported@github You can fix the problem by hiring more indian