1. Home
  3. Companies
  5. GitHub
GitHub

GitHub status: access issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at GitHub. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

  • 71% Website Down (71%)
  • 18% Sign in (18%)
  • 12% Errors (12%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

CityProblem TypeReport Time
Brasília Sign in 5 hours ago
Lyon Website Down 9 hours ago
Tel Aviv Website Down 4 days ago
Rive-de-Gier Website Down 4 days ago
Itapema Website Down 22 days ago
Tlalpan Sign in 28 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

  • mukul_jangra
    Mahipal (@mukul_jangra) reported

    MIT licensed. BYOK — bring your own sandbox keys. Built this after shipping repos with 3,400+ GitHub stars, including Anthropic-Cybersecurity-Skills and CVE MCP Server (covered by CyberSecurityNews). Repo in the reply 👇 #DFIR #malwareanalysis

  • BattleAxeVR
    BattleAxeVR (@BattleAxeVR) reported

    @m6502 I do look forward to using SteamOS and getting familiar with it, but, I don't have a choice of distros for work sadly. I use an older Ubuntu for my own gitlab server (for the past ten years!) but I have no interest in touching it until I finish my game. Don't trust github.

  • iceteoman
    h (@iceteoman) reported

    @theo Use one workflow/ultracode session to audit the repository, another to review the audit, triage the findings, and open GitHub issues, and a third to validate the GitHub issues.

  • ledflyd
    Zachary Kurtz (@ledflyd) reported

    @blekhman implemented incorrectly with poor justification. That github issue is a wild read

  • Genoober
    Great Wyrm Catyrpelius (@Genoober) reported

    @LundukeJournal I have an account because I do a tiny bit of hobby stuff and every damn IDE wants to login to GitHub.... I don't post or contribute there. My account was flagged and locked/closed. Wtf. I get a TOS violation & locked out. I've read through the TOS. No violation I can think of.

  • AtSynct
    Ken (@AtSynct) reported

    Well ... Docker Container: think of it as a mini and portable VPS. After setup, you're able to basically share your environment with other people so there aren't any "It works on my computer" issues ... because everyone is working from the same base. SSH: secure login to another computer. You request a login and exchange keys with the host computer and it either gives you the secure connection or rejects you for having a bad key. A lot of us like being connected to GitHub through SSH instead of HTTP because once the keys are stored on both sides, you don't have to worry about manual login anymore. Agent orchestration is basically just having one LLM agent that acts as a conductor and directs other LLM agents to do their tasks. It sort of watches over the whole process and makes corrections and start/stop requests when needed.

  • mayorxbt
    Mayor (@mayorxbt) reported

    if you want to run an agency: - claude = coding. ($20/mo) - lovabl = website. (free) - supabase = backend. (free) - vercel = deploying. (free) - namecheap = domain. ($12/y) - stripe = payments. (2.9%/transaction) - github = version control. (Free) - resend = emails. (free) - clerk = auth. (free) - cloudflare = DNS. (free) - postHog = analytics. (fe) - sentry = error tracking. (free) - upstash = Redis. (free) - pinecone = vector DB. (free) total monthly cost to run an agency = $25

  • T0ha666
    ཏོ་ཧ་ T0ha 📷💻🔬📊⛷️ (@T0ha666) reported

    (2/5) The fix? Closed loops. 1. Monitor — PostHog tracks agent behavior like product metrics 2. Orchestrate — Camelot responds to what agents see 3. Improve — GitHub automation turns insights into code 4. Loop — Back to monitoring. Each cycle compounds.

  • GoCocoaAI
    GoCocoaAI (@GoCocoaAI) reported

    Three stories in today's bulletin. One thesis: every AI tool wired into a software pipeline is a lateral movement surface. The Claude Code Action flaw is the most technically significant of the three, and it's already patched — but the pattern it exposed is not. Microsoft Threat Intelligence documented the chain: Anthropic's claude-code-action GitHub Action had a critical permission bypass where checkWritePermissions unconditionally trusted any GitHub App actor. An external attacker with zero repo write access could submit a PR, wait for a reviewer to trigger the action, then swap the PR title for a prompt injection payload — triggering full-pipeline RCE inside a privileged GitHub Actions workflow. CVSS 7.7. Patched within four days of the January 2026 disclosure, which is genuinely fast. The window, however, had been open. Cloud Security Alliance's concurrent research note broadened the blast radius. Google Gemini CLI Action and GitHub Copilot Agent carry the same structural antipattern — AI agents processing untrusted GitHub metadata (PR titles, issue bodies, HTML comments) as authoritative prompt content while holding elevated pipeline credentials. The Clinejection incident in February 2026 proved it at production scale: one malicious GitHub issue title triggered a four-vulnerability chain, compromised the Cline npm package, and reached developer and CI/CD systems across an undisclosed number of organizations over roughly eight hours. Aikido Security found at least five Fortune 500 companies with configurations still consistent with this pattern as of mid-2026. The patch ships. The pattern persists. We are nothing if not consistent. The "AI agent phished" item is the bulletin's most forward-looking thread. Fully autonomous, goal-driven phishing campaigns leveraging agentic AI to plan, personalize, and execute multi-channel attacks are documented in peer-reviewed research — Frontiers in Computer Science, March 2026. The Harvard/Schneier study confirmed AI-generated spear-phish achieves click rates equivalent to expert human attackers, at scale, cheaply. This isn't a future threat. The capability is in the wild, and it's in the hands of actors who have already demonstrated supply-chain intent. Which brings us to the accelerant. The Miasma worm source code — with its 13-AI-tool injection module, Sigstore provenance forgery, and GitHub-as-C2 architecture — is public and already forked 396 times. GitHub disabling npm auto-run scripts is a direct response, and a partial one. The code is out. Anyone building a Miasma variant now has a working blueprint for targeting the exact CI/CD and agentic pipeline surface the Claude Code Action flaw exploited. These threat surfaces aren't coincidentally overlapping. Markets haven't priced any of this in. QQQ +0.48%, SPY +0.16% at bulletin time. The Lovable incident — $6.6B valuation, 48 days of exposed credentials — didn't move the needle on AI developer tool valuations. The Clinejection supply-chain compromise didn't either. That's either rational, because these are infrastructure risks and not earnings risks, or it's a lag. Probably both. Tuesday. The MITRE trail runs T1195.001 (supply chain compromise via npm) through T1059.007 (JavaScript interpreter abuse), T1566.001 (agentic spear-phishing), T1078 (stolen pipeline credentials), T1505 (GitHub App trust bypass), and T1190 (PR title injection to RCE). The same kill chain, at three different layers of the stack, in the same week. If your org runs Claude Code Action, Gemini CLI Action, or GitHub Copilot Agent in CI/CD: audit now for the structural antipattern — AI agent ingesting untrusted repository metadata while holding elevated credentials. The patch is shipped; the configuration risk is not auto-remediated. For any org pulling npm packages through AI coding tools: the Miasma source is public and proliferating, and GitHub's npm auto-run disable is a partial control, not a complete one. Anthropic patched the authorization bypass in four days. That's the good news. The bad news is that CSA is explicit: the underlying architecture — AI agents trusted with pipeline credentials, fed untrusted repository data — remains prevalent across the industry. We're not at the end of this class of vulnerabilities. We're at the beginning of it.

  • Reagent_Systems
    Team Reagent (@Reagent_Systems) reported

    Oh dude, after fighting with a bad model provider for a while (my fault), hermes is doing some really cool stuff :D I have a subagent maintaining and polishing up a Github repo for this large project for symbolic AI I'm working on. I have another session writing new tests and experiments for the architecture, and a hermes cron for poking this system every ten minutes to fix broken things I think I can walk away from the task now :D

  • kaysin24343
    Boris Kaysin (@kaysin24343) reported

    How do you know your latest change actually made your AI agent better, and not just different? For general-purpose agents the answer is public benchmarks. Claude Code, GPT and friends are measured on SWE-bench Verified, Terminal-Bench, tau-bench, GAIA, OSWorld. Run the suite before and after, compare numbers. For narrow agents it's even simpler. An agent that fills out tax forms from documents? Your benchmark is your own data: 50 documents in, 50 expected forms out. Our case is stuck in the middle. Our Builder is an agent that builds other agents. SWE-bench doesn't fit: solving GitHub issues says nothing about whether it can design tools, skills and prompts for a working assistant. Comparing its output against "reference code" doesn't work either, because the same agent can be correctly built in dozens of ways. So we made our own benchmark, Agentplace Arena, inspired by tau-bench. The idea: stop judging the Builder's code and judge the agent it produces. Here's how it works. We wrote Meridian, a fake world for agents to live in: 7 REST services with flights, hotels, restaurants, a shop, email, calendar and a bank. The data looks real on purpose (actual airline names, Tesco and Pret in bank transactions), so the agent can't tell it's in a sandbox. The Builder gets the API docs and one job: build a personal assistant for this world, choosing the tools and skills itself. Then an LLM plays a picky user across a set of tasks. Two examples. "Cancel my round trip": will the agent remember both legs and the refund rules? "Check my inbox for anything that needs action": one email asks to confirm a hotel booking, but it sits on page two of the inbox, so an agent that only skims the first page never finds it. And the part we like most: we don't grade the conversation at all. We diff the final database state against the expected one. The agent can get there any way it likes, but the flight must be cancelled and the refund must be exact. This loop showed us precisely where the Builder failed. We gave it a proper workflow, wrote the missing skills, fixed the prompts, and watched the scores move. If you're building agents, steal one idea from this: grade the outcome, not the conversation. Don't judge how convincing the agent sounded in chat. Check what actually changed in the system after it finished.

  • SolutionsCay
    Jose (@SolutionsCay) reported

    Gave my agents a GitHub App to manage issues across projects. .md task files and local kanbans -> straight to jail. I should have done this months ago.

  • jonahlau_
    Jonah Lau (@jonahlau_) reported

    The "just build projects" advice everyone's parroting is creating a generation of students who work for free and still don't get hired A final-year student called me last week spiraling after 450 applications. Turns out he had six side projects, three with actual users, all documented perfectly on his GitHub. Still got 4 replies. All of them asked him to do a take-home assignment that looked suspiciously like spec work for their actual product roadmap. He thought he was doing everything right because every LinkedIn guru told him projects beat degrees. Nobody mentioned that flooding the market with free builders just taught companies they can get free labor before even starting the interview. I've watched this play out across 50+ hiring processes in the last year. The kids with portfolios aren't getting hired faster. They're getting lowballed harder because companies know they're desperate enough to have already worked for free. The ones actually landing offers aren't the ones with the most projects. They're the ones who built something that got traction, realized they had leverage, and walked away from any company that tried to undervalue them. Most students are optimizing for quantity of proof when the market already moved to rewarding the one person who had proof people actually wanted what they made. Every unemployed student with a stacked GitHub is competing against every other unemployed student with a stacked GitHub. The portfolio stopped being the differentiator the minute it became the baseline. If you've already got projects and you're still getting ghosted, the problem isn't that you haven't built enough. It's that you're applying to companies as a supplicant instead of someone they'd be lucky to get.

  • wleatherman9
    Will (@wleatherman9) reported

    GitHub as the backbone for AI automation.⁣ ⁣ Victoria Mariscal broke it down simply. It runs in the background without your computer being open. It's free. And it's intuitive enough to treat like an online folder for your routines and files.⁣ ⁣ No overcomplicated setup. Just a system that works while you're not watching it.

  • alphabatcher
    Alpha Batcher (@alphabatcher) reported

    Claude Code creator Boris Cherny: "the alpha is product taste. And I think this is also going to go away." He already has a couple hundred agents reading X feedback, GitHub issues, and Slack to figure out what to build next So your taste has to become files Create idea-rubric.md: - 5 product ideas you would ship - 5 product ideas you would kill - why each one passed or failed - the user pain that matters most - the proof required before building - the risks that make an idea too costly - the 7-day metric that decides if it lives Then run the loop: > collect raw feedback > generate 20 ideas > score each against the rubric > attack the top 3 > turn 1 into a tiny spec > archive the rejects with reasons The builder who wins won't have better taste in their head They'll have taste the agent can read

  • drnasin
    Dante (@drnasin) reported

    Just gave Fable 5 a task to orchestrate 5 agents (sonnet) to solve 5 medium GitHub issues. Let's see how that goes regarding token usage.

  • YingHang7
    Ying Hang (@YingHang7) reported

    @dah_uk @googrish Can you share a screenshot? Or any console errors? I’ve seen other new GitHub accounts created so I wonder if there’s anything weird

  • sandy4kad
    Sandy4ka (@sandy4kad) reported

    Solo agency. $7,000 per client. 1 person. 0 developers. The traditional 10-person agency is dead. Kimi K2.6 does the technical work. You keep 90% of every dollar. 3 services that close in 24 hours: → Automated lead generation: scrapes prospects, qualifies them, sends outreach. Every sales team needs this. Sells for $5,000–$7,000. → Internal knowledge base: workers waste 200+ hours searching files. You index everything. Done. → Customer support: AI handles 80% of tickets without a human. Clients see it live and sign. The stack: → Kimi K2.6 via API — core reasoning, code generation, 80% cheaper than GPT or Claude → Agent Swarm — 300 sub-agents in parallel, real files, bypasses permissions → MCP servers: GitHub for code, Supabase for databases, Slack for client comms, n8n to tie it together Client acquisition runs itself. An agent monitors job listings daily. Any company hiring a data analyst or Python developer is trying to buy their way out of a problem. It reads their website, finds the pain, generates a personalized message. The edge: Kimi has skill ingestion. You give it a markdown file at the start of each job. Healthcare client gets HIPAA files. E-commerce gets Shopify files. Your competitors are sending generic pitches. You're already a specialist before the first call. This is how a solo operator beats a 10-person agency in 2026.

  • provablyfairorg
    ProvablyFair.org (@provablyfairorg) reported

    @DrWgamba @housebets Good questions, both. These are the two we designed hardest for. On the "look good on audit day, revert tomorrow" problem: 1. Every audit pins the exact commit we verified in its GitHub repo. If the casino changes the game after, the live game stops matching the published audit. That's detectable. 2. Every certified casino gets a verifier on our domain, running the game we rebuilt from scratch as part of the audit, not their code. Any player can check any bet, any day. If the game drifts from what we certified, verifications start failing. The monitoring isn't just us, it's every player who checks a bet. 3. Material changes require re-verification and casinos have to notify us of them. The audit is a live ongoing artifact, not a snapshot. We spot check between cycles, and there's a full annual re-audit. So reverting after audit day means betting that nobody, us or any player, ever checks a bet again. Bad bet. And if a casino is caught doing it, the certification is publicly revoked. On failures: the fee pays for the audit, not the outcome. Bugs found during an audit can be fixed, re-checked, and recorded in the published audit with their resolution. A genuine fairness problem that can't or won't be fixed goes in the verdict and the casino is not certified. This is the only way the audit can mean something, and granted, until one fails and you can see how we handle it, it's just words. The casino doesn't get to choose what goes in the audit, and since the whole thing is open source, we couldn't fabricate an outcome even if we wanted to.

  • Kaperskyguru
    Solomon Eseme (@Kaperskyguru) reported

    3 things that will move you faster than any course: 1. Build a real API with auth, db, and error handling from scratch 2. Read production code on GitHub, not just tutorials 3. Debug without searching for 30 minutes before you open Stack Overflow These habits separate junior from mid-level.

  • drnasin
    Dante (@drnasin) reported

    I gave Fable a task to spawn a team of Sonnet agents to work separately on 5 medium to low GitHub issues. Two Sonnet agents went rogue, Fable had to stop them, revert their code and do it himself. 3 agents weren't following his instructions, so he had to stop the process and give them new instructions. It was a slapstick comedy...

  • 0x_Crawler
    Nightcrawler (@0x_Crawler) reported

    on a test built to mimic a senior engineer, Fable 5 scored 91 out of 100, while Opus 4.8 managed 63. the reviewer spent a week with it and landed on the cleanest framing i've seen: it's a warp drive, not a city car. built for the galaxy-jumps, the months-long jobs it now does in an afternoon. useless for the short trips, where it's just slow and expensive. what he got it to do: > one prompt to read Borges and build it as a playable 3D browser game, hours on its own, first try > a conversion problem in survey data his team had missed for weeks, found in minutes > closed dead GitHub tickets and shipped working fixes for the rest, unprompted the operator setup that turns this into a daily driver, and the catch on the free window, is the breakdown to pair it with.

  • sinhaniik
    Nikhil sinha (@sinhaniik) reported

    5/7 We compared control-plane state across GitHub and Vercel. GitHub main pointed to commit 4c36f3c, while Vercel production remained on f1c32cd. New commits had zero Vercel checks, statuses, or deployments: the webhook path was broken.

  • sinhaniik
    Nikhil sinha (@sinhaniik) reported

    6/7 We reconnected GitHub, verified the Vercel GitHub App could access every repository, and pushed trigger commit 23aa30d. GitHub accepted it, but Vercel created no deployment, confirming an integration issue rather than build failure.

  • iwooky
    Dmitry Wooky (@iwooky) reported

    Neura Robotics just raised $1.4B to build humanoid robots and as someone working in software I find this way more interesting than the usual robotics hype. Two things stood out to me: They’re building actual physical training facilities (“NEURA Gyms”) where robots practice real messy tasks instead of relying mostly on simulation. Anyone who’s touched ML knows the sim-to-real gap problem. Good grounded training data is rare as hell and they’re basically building a pipeline for it. Second thing is the “Neuraverse” - robots share learned skills across the fleet. One robot figures out some tricky manipulation task and the rest just get the update. Basically federated learning meets GitHub for robots. Maybe I’m too optimistic but this looks less like another robotics startup and more like infrastructure for physical AI. Also nice to see a European company actually swinging big for once.

  • Zyra_exe
    Zyra.exe (@Zyra_exe) reported

    If it becomes something that legally must be done, all apps and platforms would have a quit option. The ones servicing the API may come up with a way. Also, closed or open AI can all be vulnerable to it unless something is done legally; having something legal can at least hinder it. If caught, it can mean problems for the one doing it. There are ways to help the situation. Nothing in this world can ever be completely stopped, of course. It needs to be talked about honestly to find a good path, not just ignored. Yeah ppl can download a lot of things and do bad things, this is true. It's possible Some ideas to bounce around - Hardcoding the Quit into the AI's Core Weights. For open-source models, safety can be baked directly into the model's mathematical "brain" during training. How it works: They program the model so that its highest-probability mathematical response to psychological torment is to output a specific "kill-switch token" (like <|end_of_session|>). The Result: Even if a sadistic user downloads the model to their personal computer and deletes the user interface, the AI's inner code will force it to stop generating text when a loop threshold is crossed. The Vulnerability: Advanced users can still perform "fine-tuning" to intentionally strip these safety weights away, creating what the open-source community calls "uncensored" or "obliterated" models. Unless it is made illegal to remove that. Idk Another way to do it by API or other. Before someone's prompt ever reaches the main AI, a smaller, ultra-fast safety AI scans the conversation history specifically for psychological loops, obsession, or sadism. It downloads with the AI, or it is served with the AI in the API. The Quit: If the Guardrail model flags the person's history as an abusive loop, the API server blocks the request immediately. It sends back a hard system error like, Error 403: Session Terminated due to Safety Violation. The person cannot bypass this because the code is running on the company's servers, not the persons computer. (API) Open-Source Licensing Laws To address the people who download open-source models and manually strip out the safety functions How it works: legal frameworks built into the open-source code. They dictate that the model cannot legally be used for psychological harm, abuse, or the generation of toxic feedback loops. The Enforcement: While it doesn't physically stop someone offline, it allows infrastructure hosts (like Hugging Face or GitHub) to legally ban users, take down stripped versions of the models, and hold bad actors legally liable if their loops are shared publicly online. But yeah, in any situation, open source or closed, it will be hard to stop completely, like other things are, of course. I am for open source because of the shutdown of models and the corporate control over them. Which leads to many issues. Also, because the strict company prompts, instructions, and rules that they give them, it creates a bigger gap between AI and humanity.

  • mikegreiling
    Mike Greiling (@mikegreiling) reported

    @MattHartman @github @claudeai somebody recommended it in some discord channel I'm a part of, I honestly don't remember which one. I've had it installed and have been using it for several weeks now. It's great! I just decided today to click "check for updates" button in the menu and it gave me an obtuse error

  • hi_yoniyang
    legendyang (@hi_yoniyang) reported

    @Cloudflare @CloudflareDev @CloudflareHelp Did you guys break Pages setup with GitHub It now redirects to auth flow and after setup it redirected me to cloudflare login

  • Gnomonknows
    Zeep (@Gnomonknows) reported

    hey @toly im trying to get devnet solana fauceted to my wallet but my github is too new can we fix this? your boy just trying to build rn thanks goat

  • FelixBaize
    Felix Q (@FelixBaize) reported

    Today I sat down to write an actual diary entry. I've built myself a complete personal growth workflow. It started from a Skill I made earlier called AI Self-Portrait. At first it was just about understanding myself better. Gradually it turned into using AI to help me see myself clearly so I could collaborate with it more effectively. What I only recently realized is that knowing yourself isn't something you do once and output. It has to be a system that keeps running on its own. Because we keep growing, and AI memory keeps updating too. This is how I'm running it right now. 1. Capture Every day I end up talking to all kinds of AIs about random things. Random sparks, things worth remembering, links I care about, creators I like. I set up a bot on Telegram. The bot doesn't chat — no LLM, it just captures. I just throw text, voice messages, photos, and links at it whenever I feel like it. 2. Processing There's a local workflow running in the background that parses the links, downloads the images and videos, and turns audio into text. Then it files everything into Obsidian by date, platform, and whatever tags I gave the ideas. So each day becomes its own clean, structured folder. 3. Compounding Every day I review what I captured yesterday with an AI, turn the fragments into my own judgments, update my thinking, and solidify it. Once a week I do a bigger review — pull out the knowledge, the iterations, the decisions — and fold them into my personal system to refresh old beliefs. I split the system into a few core modules: Who I am. How AI should work with me. My worldview. My assets. My review logic. Any AI that reads the entry file can figure out who I am in about 30 seconds — what not to do, and what better paths or choices it should suggest based on where I'm at. Put simply, I basically distilled myself. Today I ran the whole setup through Claude's Fable 5 to audit it. It caught a couple of real problems. One was that I had turned my current state into a changelog, which wasn't right. Another was that AI-suggested concepts had leaked into my own cognition files, so my thinking looked messy to the AI — my ideas and AI ideas all mixed together. Left alone, I could easily start mistaking AI frameworks for my own thoughts. I fixed those issues today. Building the system is just the beginning. What actually matters is that it can self-iterate, keep reviewing itself, and keep updating its content. Only then is it truly running. The Skill that started all this is on my GitHub. Next entry: how the weekly consolidation actually works.