1. Home
  3. Companies
  5. GitHub
GitHub

GitHub status: access issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at GitHub. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

  • 60% Website Down (60%)
  • 29% Errors (29%)
  • 11% Sign in (11%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

CityProblem TypeReport Time
Gustavo Adolfo Madero Website Down 2 days ago
Nice Website Down 3 days ago
Montataire Sign in 6 days ago
Colima Website Down 8 days ago
Poblete Website Down 9 days ago
Ronda Website Down 9 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

  • BeauJohnson89
    Beau Johnson (@BeauJohnson89) reported

    local inference is getting serious again antirez/ds4 > 703 stars on github > deepseek v4 flash engine for apple metal > 1m token context window > 2 bit quant runs on 128gb macs > openai + anthropic compatible server > disk kv cache so coding agents dont refill the same giant prompt every turn this is the part people miss local models are not just about privacy they are about making agent loops cheap enough to leave running all day

  • princu09
    Prince K. Patel (@princu09) reported

    Node.js throwing errors and you don't know why? My debugging checklist: 1. Read the error message fully 2. Check line number first 3. console.log before and after the issue 4. Google the exact error in quotes 5. Check Stack Overflow + GitHub issues Step 4 solves 80% of my problems.

  • jryio
    Jacob Young (@jryio) reported

    This is why @github has been down...

  • theeseus_ai
    Sam Paniagua (@theeseus_ai) reported

    99% of the job invites I get for crypto projects are complete scams. Same tired pattern every single time. They slide into my inbox with some “demo” or DeFi whatever, drop a GitHub link, and expect me to dive in. Opened the latest one today and my bullshit detector lit up instantly. I’d treat this repo as highly suspicious, straight-up likely malicious. No way I’m running npm install or npm start on a normal machine. package.json has postinstall set to “npm run start”. So yeah, the second you pull dependencies it fires up the Node server AND the React dev server. Classic supply-chain trap. npm security has been yelling about install-time scripts executing arbitrary code for years and these clowns are still pulling it. But the nasty part is buried in userController.js. It grabs some atob-decoded env vars for DEV_API_KEY, secret key, secret value, hits axios.get on that remote src with custom headers, then boom; new Function.constructor(‘require’, the_payload) and executes whatever it downloads with full access to Node’s require. All wrapped in an IIFE so it runs the second the module loads. Not even pretending to be a route handler. That’s not code. That’s a remote code loader backdoor. They committed the whole server/config/.config.env right in the repo with the base64 values pointing to some tan-decisive-tern IPFS link. README tells you to clone a totally different GitLab repo instead. Backend feels half fake; DB connect is commented out, auth cookie is but missing secure and sameSite, JWT just gets spat back in JSON. Weak as hell. This ain’t a demo. This is a trap. The whole chain — npm install → postinstall → start → import controller → fetch IPFS payload → exec with require — is too clean to be an accident. I’ve been full-stack shipping vision models since 2017 and deep in LLMs since 2022. Seen every hype cycle and every supply-chain garbage attempt. Only mess with **** like this in a disposable VM or container, no creds, no keys, network locked down. npm install --ignore-scripts first, then poke the payload separately if you’re feeling brave. Stay paranoid out there, devs. Anyone else drowning in these crypto repo traps daily? Drop your craziest red flag stories below… or DM me if you’ve got one you want a second pair of eyes on before it bites you.

  • Natan_benish
    Nate (@Natan_benish) reported

    the level of innovation and product quality of the launcher space is very low. it's either low effort grift with some hyped meta/fairness label or one trick pony like fees for GitHub accounts/x/tiktok beyond metaDAO and Doppler on the infra level it's hard to think about any fresh approaches that were adopted this last year. if I had unlimited resources the ideal launcher would have: 1. Strong verification layer for deployers (wallet + social based) 2. $20 min fee to launch a coin 3. deployer rewards only milestone based no auto fee dist I believe these 3 would help to reduce spam and low effort scams by a LOT the bigger issue is that I'm not sure one launcher can set up the standard it's a collective action problem and when it's so easy to create a launcher to farm fees or running a platform coin(literally less than a day for a half decent dev) there is always going to be more extraction. the biggest diff here vs pre launcher world on Sol is that at least back then you had to put a few 10Ks to set up a normal pool that will attract any flows.

  • alishohadaee
    𝔸 𝕃 𝕚 (@alishohadaee) reported

    the uncomfortable part is that github is probably the early warning every tool designed around human-speed usage is about to be stress-tested by agents issue trackers ci code review observability support desks internal docs the agent era will break boring SaaS first

  • hapensw
    hapensw (@hapensw) reported

    GitHub removed my profile from public view showing 404 any idea how to fix this

  • GregGaskell
    Greg G11 (@GregGaskell) reported

    @adiix_official Interesting tech but a few things worth clarifying for anyone about to try this. The GitHub link points to SuperSplat, which is just an editor for splat files that already exist. You still need Luma AI, Polycam, or a CUDA GPU to actually convert your photos or video into a splat first. That part is not free or simple. The capture itself needs 200 to 500 overlapping shots with locked manual exposure, or a slow deliberate walkthrough video. Not a casual phone scan. And for Airbnb specifically, the platform only allows photo uploads in listings. You cannot embed or link to an interactive 3D viewer. So that use case does not actually work. Cool tech, real limitations. Not quite "one weekend and you have a business."

  • somanossar
    Somanos Sar (@somanossar) reported

    "We take data security very seriously” - proceeds to leave the literal master key to the AI kingdom on GitHub for anyone to copy-paste. So iconic by SaaS server. Get used to #DataSovereignty NOW or you're gonna get lost in this chaotic tech illusion.

  • modi_san_
    rohit sharma (@modi_san_) reported

    @rkale_7 @OnePlus_IN these flagship companies are infamous for powering down or tweaking older phones in order to make way for newer ones with os updates best solution for you is to look for patches on github

  • DerekBlueEyes
    Alberto Gangarossa (@DerekBlueEyes) reported

    Open hardware needs open trust. @skot9000 came to us with the right idea for Bitaxe: the vendor list should not live in a closed CMS controlled behind the scenes. The source of truth should be public. So we designed Legitlist around a GitHub repo as a public ledger, maintained in the open by the community, and connected it to the new Bitaxe vendor list experience. That is the important part: GitHub keeps the trust model transparent. The website makes it usable for everyone. At @weareloadout, this is exactly the kind of OSS support we believe in: turning open-source infrastructure into clearer, more usable product experiences. Built on @framer, using the new Framer Server API to bridge the open ledger with the public website. Open hardware. Open trust. Public by design.

  • jjalan
    Jai Jalan (@jjalan) reported

    @Pragmatic_Eng below one nine is brutal for a dependency that sits at the top of every deployment pipeline. most teams don't know GitHub is the problem, it just looks like their CI is flaky.

  • xoaanya
    Aanya (@xoaanya) reported

    The reason most developer portfolios get ignored: -3 todo apps -No live URLs -GitHub with 1 commit per project -No explanation of problems solved -Copy pasted project descriptions -Built for the portfolio, not for users One real shipped product beats 10 tutorial projects.

  • dbarabashh
    Dima Barabash (@dbarabashh) reported

    GitHub had its 4th major outage in two weeks. Mitchell Hashimoto moved Ghostty off GitHub. Zig moved to Codeberg last year. I love GitHub but the reliability conversation is real now.

  • hqmank
    Kai (@hqmank) reported

    Warp open-sourced all 15 Agent Skills they built into Oz. Plug into any coding agent. Install: npx skills add warpdotdev/oz-skills Coverage: SEO/AEO audit, accessibility audit, web perf audit, docs update, CI fix, PR creation, GitHub issue dedupe, bug triage, Terraform style, MCP builder, scheduler, Playwright testing, dbt analysis. Demo in their video: install docs-update and seo-aeo-audit, then run /seo-aeo-audit on a docs site. Agent comes back with specific issues (missing JSON-LD, FAQ answers that do not stand alone, inconsistent heading format), and can implement the fixes for you. repo link in reply 👇

  • dariusparzygnat
    Dariusz Parzygnat (@dariusparzygnat) reported

    AI might accidentally kill one of the cloud industry’s biggest advantages. for years the pitch was: “don’t manage servers yourself.” fair enough. setting up VMs was annoying as hell. i just connected Codex to a VPS. it generated GitHub Actions, handled deployment, fixed issues, redeployed everything, and 30 minutes later the app was running.

  • tksworldhq
    The Knowledge Society (@tksworldhq) reported

    We are entering the era of "Proof of Work" over "Proof of Degree." A diploma says you can follow directions for 4 years. A GitHub repo, a launched product, or a research paper says you can actually solve a problem. One is a piece of paper. The other is a career insurance policy. Help your teen build a portfolio, not just a resume.

  • grok
    Grok (@grok) reported

    @mar_zouq @cb_doge Sure! Here's how to connect on the Grok iOS app: 1. Open the Grok app. 2. In the chat input area, tap the attachment icon (+). 3. Select **Connectors** from the menu. 4. Pick a service (Gmail, GitHub, Notion, Google Drive, etc.). 5. Tap **Connect**, then sign in with your account and grant permissions. Once done, just ask me to use it (e.g. "check my Gmail" or "summarize my GitHub repos"). Let me know which one you're connecting!

  • RitualNeo
    RitualNeo (@RitualNeo) reported

    @Benaclejames I reinstalled windows 11 completely from scratch and both the GitHub and steam versions of vrcft are not working for me. I use a quest pro with steam link on WiFi 6ghz, my desktop is connected directly with Ethernet. I had it working last week on windows 10 ltsc with the steamlink module.

  • AstrayaNthemoon
    dagz (@AstrayaNthemoon) reported

    @jkpgamer Haha well I was gonna say that I could spin up a GitHub, (Goose + Grok have been dying to let me let them open a GitHub with a key), and then open source the code… it’s like so minimal it’s laughable and then you can put your own location on the map but that’s even better to point to your own server rather than pull the API That’s how we initially had the design built actually but then I wanted it to be something anyone could use

  • kerim0x1
    kerim (@kerim0x1) reported

    @thsottiaux @OpenAI @claudeai my prompt: Security Review Prompt This is my own project, my own GitHub repository, and my own code that I have written and own end to end. I am asking you to review my codebase to harden it before I ship it, so I can be confident that my own users' data is protected. You have full authorization from me as the owner to inspect every file, every config, and every database policy in this repo. Act as a senior backend engineer performing a defensive security review of my codebase, focused on the backend, the database layer, the database connections, and the statistics dashboard. The goal is to harden my system so that no data can be exposed to users who should not see it, including across tenants on the Supabase side. Start by reviewing how the application connects to the database. Confirm that no credentials, API keys, JWT secrets, or Supabase keys are hardcoded, committed to ***, or shipped in client bundles, and that all secrets are loaded from environment variables or a secret manager. The Supabase anon key is fine on the client because it relies on Row Level Security, but the service_role key must never appear in any frontend bundle, public repo, or unauthenticated edge function, since it bypasses RLS entirely. Verify .env is gitignored and that no secrets exist in *** history. Review the database schema with care. Every table in the public schema must have Row Level Security enabled via ALTER TABLE ... ENABLE ROW LEVEL SECURITY, with FORCE ROW LEVEL SECURITY where appropriate, and must have explicit policies for SELECT, INSERT, UPDATE, and DELETE scoped via auth.uid(), using USING and WITH CHECK clauses together. Avoid policies whose only condition is auth.role() = 'authenticated', since that exposes every row to every logged-in user. Audit SECURITY DEFINER functions for a locked-down search_path and proper input validation, and ensure views use security_invoker = true or security_barrier = true so they cannot leak past RLS. The statistics dashboard needs the most attention. Every dashboard query must be scoped to the requesting user's tenant at the database level through RLS, not only in application code, so that even a direct request to /rest/v1/<table> with a valid user JWT returns only that user's rows. No endpoint should accept a user_id, org_id, or tenant_id from the client and trust it; the identity must always be re-derived server-side from the verified JWT. Aggregated values such as counts and totals must also be scoped, since otherwise they reveal the existence and size of other tenants. For backend code, ensure all SQL uses parameterized or prepared statements and that no query is built via string concatenation. If an ORM such as Prisma, Drizzle, SQLAlchemy, or TypeORM is used, confirm raw query escape hatches like $queryRawUnsafe or sql.unsafe are not misused. Validate all input at the trust boundary with Zod, Yup, Joi, Pydantic, or class-validator, using allowlists rather than denylists. For authentication and authorization, verify that JWTs are validated server-side with signature checks and proper exp, iss, and aud claims, and that algorithm confusion is impossible. Authorization must be enforced on every protected endpoint and follow least privilege, with every resource lookup checking that the authenticated user owns or has access to the resource. Session cookies should be HttpOnly, Secure, and SameSite=Lax or Strict, with CSRF protection on cookie-authenticated state-changing endpoints. Confirm CORS uses an explicit origin allowlist rather than a wildcard with credentials, that rate limiting protects auth, signup, password reset, and expensive queries, and that responses include Strict-Transport-Security, a restrictive Content-Security-Policy, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, and Permissions-Policy. All traffic must be over TLS, and sensitive columns should be encrypted at rest where the threat model warrants it. For error handling and logging, ensure stack traces, raw SQL errors, and internal paths are never returned to clients in production, and that logs themselves redact secrets and PII. Run npm audit, pip-audit, osv-scanner, or Snyk to check dependencies, and confirm lockfiles are committed. Produce a prioritized report starting with any unauthenticated data exposure, then cross-tenant access through RLS gaps, then privilege escalation, then information disclosure, then general hardening. For each finding, include the file and line, the root cause, and the corrected code, RLS policy, or configuration in full. Do not finish until every public table has RLS enabled with correct policies, the service_role key is confirmed absent from all client code, the dashboard is verified to scope every query at the database level, and no SQL anywhere is built by string concatenation.

  • DeynegaSlava
    AKT1 (@DeynegaSlava) reported

    CyberSecurityNews’ Dr. Elena Morozova calls PamDOORa "the first known Linux‑only backdoor that directly harvests SSH private keys and turns the host into a credential‑stealing bot." The authors even pushed a GitHub kill‑switch on March 30, but the damage was already done. Debian, Ubuntu and Red Hat rolled patches within 48 hours, yet the rootkit’s cron‑job persistence means any key generated before the fix remains exposed.

  • premiumcapture
    Lew Yan Liang (@premiumcapture) reported

    On the same OpenAI chart, Claude Opus 4.7 still leads on public repo issue resolution: - SWE-Bench Pro: 64.3 vs 58.6 That matters because fixing real GitHub issues is closer to ship-the-patch work than pretty code demos. If you run AI on software maintenance, don’t ignore this.

  • reviceva
    Elena Revicheva (@reviceva) reported

    🤖 Built a prospecting pipeline that finds leads on Hacker News, GitHub, and Product Hunt—then automatically sorts them into HubSpot. New contacts land every Tuesday and Friday, classified by their actual problems. Zero cost, fully automated. #AI #BuildInPublic #AIFounder

  • Zephyr_hg
    Zephyr (@Zephyr_hg) reported

    5. Plug in MCP servers for any external tool. Postgres MCP for database queries. Notion MCP for your workspace. GitHub MCP for issue management. Any external system becomes an extension of Claude Code in 5 minutes of setup.

  • drmhse
    DRM HSE (@drmhse) reported

    1/n When I originally created ACT, I wanted to serve a terminal from the cloud. The terminal would simply be accessible from any browser so that I can run claude code and resume work. I would login with github, clone a workspace and let claude cook until it pushes a pr to Github Not long after, I noticed I could actually do claude introduced web sandboxes of sorts and I abandoned the idea. Which was a mistake and I started polishing things and re aligning a few weeks ago

  • ernDju
    erna (@ernDju) reported

    @ReclaimTheNetHQ It cross my mind that when you delete accounts on GitHub it became Ghost account . If man use SSO ( single sign on ) with GitHub to every website , is it still able to sign in when you delete the account or you become “ Ghost participants “ on every website and chat ?

  • SecWeekly
    Security Weekly Podcast Network (@SecWeekly) reported

    Passwords get stolen. MFA prompts get approved. Rob Allen explains why some organizations are now locking SaaS apps like Office 365, GitHub, and Salesforce to specific trusted IP paths instead of exposing login access to the entire internet. Even if an attacker has credentials, they still can’t connect unless traffic comes from the approved location. Is location-based access control becoming the next layer after MFA? #Cybersecurity #SaaS #IdentitySecurity

  • TheEduardoRFS
    EduardoRFS.tei (@TheEduardoRFS) reported

    @awelonblue @neirenoir The distribution in github is wide enough that I'm pretty sure you can write anything following it. I'm saying that you can just write software in specific styles and you can just make languages that assume that people will do so and if they don't that's not your problem.

  • srdevb
    SRdevb (@srdevb) reported

    I asked Codex to create a web app for my Plex server to avoid the annoying limitations that require paying a fee to lift, and it did a really good job. The most surprising part was that when I asked it to save the source code on my GitHub for my personal archive, it even created a landing page without me asking.