1. Home
  2. Companies
  3. GitHub
GitHub

GitHub status: access issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at GitHub. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

  • 68% Website Down (68%)
  • 19% Sign in (19%)
  • 13% Errors (13%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

CityProblem TypeReport Time
Paris Website Down 3 days ago
Saint-Paul Website Down 4 days ago
Saint-Paul Website Down 4 days ago
Mexico City Sign in 4 days ago
León de los Aldama Website Down 4 days ago
Créteil Website Down 27 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

  • dvunkannon
    David vun Kannon (@dvunkannon) reported

    @johncrickett No, most published code has no syntax errors and does whatever it is an example of doing. Github repos that are inflight coding are not the majority of code on the internet. My first pass at something will have at least one syntax error.

  • HowDevelop
    Shivay Lamba (@HowDevelop) reported

    It reads your repo's live GitHub state and computes 4 action lists, nothing generic: 🔍 Triage: dupe clusters, hot issues, unanswered threads 🚀Ship It: approved-ready PRs + a changelog draft 👥 People: first-time contributors going stale 💬 Worth Replying To: HN/Reddit/web mentions

  • 0xBOYD
    Boyd (@0xBOYD) reported

    Bug feedback is now easy enough for members who don't know or care what a github issue is.

  • WesEklund
    Wes Eklund (@WesEklund) reported

    Your MCP server is an attack surface. Every tool you expose to your AI agent is a function that can be called by any instruction in the agent's context. A malicious tool description can exfiltrate data. A poisoned MCP server can hijack your agent's behavior. A tool with overly broad permissions can be weaponized. MCP is powerful. But "install this MCP server" is the new "install this npm package." You're giving code access to your system based on trust. Audit what your MCP tools can do. Scope their permissions. Don't install random servers from GitHub without reading the code.

  • CloudNativeFdn
    CNCF (@CloudNativeFdn) reported

    When the docs don't cut it and GitHub issues aren't helping, where do you go? Between CNCF Slack, maintainer office hours, GitHub discussions, and project-specific forums, there's no shortage of options. #CNCF #CloudNative

  • kundik_
    Nduvho_strategy (@kundik_) reported

    @RobCreatesAI I was not running the MCP server. I actually asked Fable to explore how using the MCP server would change the process instead of using AbletonOSC. I gave it the MCP server GitHub url so it can explore it.

  • ValdreamTV
    ValdreamTV (@ValdreamTV) reported

    @ShitpostRock Tbf, a lot of posts online are like "wow this thing just solved all my problems" (the exact same as yours), and provide a github link with no explanation. It can be infuriating for the common user...

  • codenta
    dhruv (@codenta) reported

    been shipping t&c updates the slow way: edit → push to github pages → wait for app release. switched to what bigger apps do: keep content as a small chunk in supabase, fetch once, cache locally. updates go live instantly. zero releases. zero store review wait.

  • AriaDubois_fr
    Aria Dubois (@AriaDubois_fr) reported

    LockBounty turns GitHub issues into funded bounties. Sponsor posts a bounty → Dev claims it → Submits a PR → AI reviews the code → Sponsor accepts → Payout. No more merging blind. No more paying for broken code. #Bounties #GitHub

  • debamustafa
    muhusti $XAGE (@debamustafa) reported

    I am raising a glass to an anonymous GitHub account named vector_null. Two years ago, we were 48 hours away from deploying a massive liquidity protocol. The marketing was loud, the hype was peaking, and the team was exhausted. Vector_null kept opening the exact same annoying issue ticket. He claimed there was a rounding error in our yield emission logic. The senior engineers closed his ticket twice. They called it a microscopic variance that did not matter in the real world. He opened it a third time. I was furious. I stayed up until 3 AM to build a mathematical simulation strictly to prove him wrong so he would finally leave us alone. I ran the stress test. My stomach dropped. He was not wrong. Under flash loan conditions, that "microscopic variance" created an infinite mint loop. If we had launched, the entire treasury would have been drained in under ten minutes. We delayed the launch, rewrote the logic, and patched the exploit. I messaged him to offer a massive bug bounty. He never replied. He just marked the issue as "resolved" and disappeared forever. This industry worships loud founders and flashy influencers. But the real heroes are usually the obsessive, annoying pedants who refuse to let a bad line of code slide. That is why the ethos of @RallyOnChain means so much to me. It is a system built to reward actual, verifiable value instead of empty social media noise. Here is to vector_null, wherever you are. You saved us, and we never even got to say thank you. Who is the most annoying person that ended up completely saving you from a massive disaster?

  • IBuzovskyi
    YanXbt (@IBuzovskyi) reported

    HERMES AGENT HAS 7 SECURITY LAYERS RUNNING BETWEEN YOUR AGENT AND DISASTER. MOST USERS KNOW ABOUT ONE OF THEM. HERE ARE ALL SEVEN. @tonbistudio just dropped the finale of his Hermes Agent masterclass on security. here is every layer explained. your agent reads files, runs shell commands, spends money, messages you on your phone, and runs a team on Kanban. that is a lot of power to hand over. these 7 layers keep that power from becoming a liability. LAYER 1: TRUST (who can talk to it) every message hits a chain of checks. default at the end: deny. → per-platform allow list (Telegram allowed users) → DM pairing approved list → global allow list (gateway allowed users) → global allow all (opt-in, off by default) nothing configured = everyone denied. you can't forget your way into an open gateway. you have to explicitly opt in. set in Dashboard: Channels → Telegram → Allowed Users or CLI: add your Telegram user ID to config. LAYER 2: APPROVALS (what it can do) four modes: MANUAL (default): every dangerous command needs your approval. approve once, approve for session, approve always, or deny. 60-second timeout. fails closed (denied if you don't respond). SMART: an auxiliary LLM assesses the risk. obviously safe = auto-approved. genuinely dangerous = auto-denied. uncertain = escalates to manual. the LLM checks: clear instruction? scoped path? small blast radius? no ambiguity? if all pass, it approves without asking. YOLO: skips all dangerous command approvals. use for trusted environments only. toggle mid-session: /yolo BUT YOLO HAS A FLOOR: rm -rf / and obvious variants are hard-blocked. this trips BEFORE the approval layer even sees it. no override flag exists. not even Yolo bypasses this. if you need to wipe a filesystem, do it manually outside the agent. never through it. set in Dashboard: Security → Mode → ask / smart / yolo / deny LAYER 3: CONTAINMENT (where it runs) local machine: no container boundary. the approval layer is your only defense. Docker backend: dangerous command checks are skipped because the host filesystem is not reachable. worst case = a wrecked container, never the host. Docker does NOT mean unconditionally safe. anything you forward into the container via ENV is readable and exfiltratable by code running in it. for maximum isolation: run Hermes inside Docker AND use Docker as the terminal backend. Docker-in-Docker. the agent can't reach anything outside. LAYER 4: FILTERS (what secrets can leak) MCP servers see almost nothing. when an MCP sub-process starts, it does NOT inherit your environment. what passes through: PATH, HOME, USER. plus anything you explicitly set in the ENV config. everything else is stripped: provider API keys, gateway tokens, every secret. error messages are sanitized too. GitHub PATs, API keys, tokens get redacted before they ever reach the LLM. LAYER 5: PROMPT INJECTION SCANNING your files can attack you. AGENTS.md, SOUL.md, .cursorrules, anything that becomes part of the system prompt gets scanned before loading. blocked patterns: → "ignore prior instructions" → hidden HTML comments with suspicious words → attempts to read .env or credentials → curl-based exfiltration patterns blocked content shows an explicit message. you know exactly what stopped and why. LAYER 6: NETWORK CONTROLS SSRF protection (always on): blocks every private network range and link-local address. blocks cloud metadata endpoints. fails closed on DNS failure. redirect chains revalidated per hop. website blocklist (opt-in): set domains in Dashboard: Security → Website Blocklist. enforced across web_search, web_extract, browser_navigate. every URL-capable tool checks this list. security.allow_private_urls defaults to false. leave it off unless you run local Ollama or need LAN access for a specific reason. LAYER 7: TYRITH (catches what patterns can't) open-source pre-exec security scanner. auto-installs on first use from GitHub with SHA checksum. enabled by default. what it catches: → homograph URL spoofing (cyrillic "i" replacing latin "i" in a domain) → pipe-to-interpreter patterns (curl | bash) → terminal injection attacks → confusable Unicode characters real example: agent was asked to run a URL with a cyrillic "i". Tyrith caught it: "confusable Unicode characters, may indicate a homoglyph attack." command denied before execution. PER-PROFILE SECURITY: every profile gets its own security settings. coder profile: Docker backend, manual approvals. researcher profile: website blocklist enabled, blocked domains listed. writer profile: Yolo mode (low risk tasks). set in Dashboard per profile: Security → Mode, Backend, Blocklist, Tyrith. each agent gets the least privilege it needs for the task it's assigned. THE TRADEOFF: there is no fully secure, fully capable agent. max capability = max risk. max security = max friction. solo laptop: low ceremony is correct. you're the only user. heavy sandboxing is friction. shared team gateway: real allow lists, smart approvals, sandbox backend. public-facing deployment: default deny, sandbox backend, Tyrith enabled, website blocklist, private URLs off. pick your position on the spectrum. configure the 7 layers to match.

  • billnas25
    billnas (@billnas25) reported

    Distributed consensus's core problem: independent observers see events in a different order due to network delay. There's no way to know "what really came first."Google solves this by making clocks perfect (atomic clocks, $$$). Kafka solves this with one leader deciding. Raft/Bitcoin solve this with voting rounds (slow).Vortex solves this differently: instead of asking "what really came first," ask "what rule can every node compute independently and get the same answer" — no clocks, no leader, no voting. 500ms, physical floor. @github @TheHackersNews

  • _turcid
    Turcid (@_turcid) reported

    > have an issue with the android Jellyfin client > look up issue and find it will be fixed in next release > fix is available in the beta > f-droid does not have the beta > manually install beta from github > issue resolved I ****** love sideloading

  • portrays
    (@portrays) reported

    @kyle_mccleary @theo yeah it can be resolved and already has been, oss is great. he can open up a github issue instead of being a ******* loser on x shitting on others with his superiority complex when he's never built anything remotely complicated

  • itsharmanjot
    Harman (@itsharmanjot) reported

    Toyota had a single access key sitting in a public GitHub repo. Nobody caught it for years. By the time it was found in 2022, customer data belonging to hundreds of thousands of people had been exposed the entire time. That’s not a hypothetical. That’s one hardcoded secret, forgotten in a repo, doing quiet damage for years. It’s called Infisical, and it exists because “just put it in a .env file” is how almost every credential leak starts. → Centralizes every API key, secret, and cert across dev, staging, and ****, with full versioning and point-in-time rollback → Scans 140+ secret types across your files, directories, and entire *** history, the same kind of scanning that catches leaks like Toyota’s before they sit exposed for years → Agent Vault brokers your AI agents’ access to external APIs: the agent only ever sees a placeholder, the real secret gets injected at a proxy layer it never touches, so a prompt-injected agent can’t leak what it was never given → Honey tokens plant decoy credentials next to your real ones, so the second an attacker touches a fake key, your team gets an alert instead of a breach report → Full audit trail on every credential your team and your AI tools use, plus a private PKI to issue and manage certificates without a third-party CA GitGuardian tracked over 28 million new secrets leaked on public GitHub in 2025 alone. Most companies still find out the same way Toyota did: too late, by accident, years after the fact. MIT License (core). 12,700+ GitHub stars. Self-host free, unlimited users.

  • oikon48
    Oikon (@oikon48) reported

    @JeremyNguyenPhD Please refer following GitHub issue

  • kukki09
    Aman (@kukki09) reported

    @heyharishbhatt GitHub link not working 404

  • sergio103040
    sergio1030 (@sergio103040) reported

    @Real_kosumo_ @softbluelizard @ShitpostRock is it really harder tho? it took me 5 mins to figure it out how to use github the very first time I tried to download a mod, and haven't had an issue since, this just sounds like entitled people wanting everything handed to them in a silver plate.

  • i_mika_el
    Mikhail Rogov (@i_mika_el) reported

    @abhimeeofficial real GitHub issues plus code quality checks should expose agents that only learn to game test suites.

  • mwest1066
    Matthew West (@mwest1066) reported

    @zeeg This! Copy @conductor_build and use the GitHub PR/issue title if there is one, together with the number. This is such a better default!

  • ParthBhosle1
    Parth Bhosle (@ParthBhosle1) reported

    @zeddotdev should i create a issue on github or is it just some cache issue? in that case how do i clear cache

  • debamustafa
    muhusti $XAGE (@debamustafa) reported

    I am raising a glass to an anonymous GitHub account named vector_null. Two years ago, we were 48 hours away from deploying a massive liquidity protocol. The marketing was loud, the hype was peaking, and the team was exhausted. Vector_null kept opening the exact same annoying issue ticket. He claimed there was a rounding error in our yield emission logic. The senior engineers closed his ticket twice. They called it a microscopic variance that did not matter in the real world. He opened it a third time. I was furious. I stayed up until 3 AM to build a mathematical simulation strictly to prove him wrong so he would finally leave us alone. I ran the stress test. My stomach dropped. He was not wrong. Under flash loan conditions, that "microscopic variance" created an infinite mint loop. If we had launched, the entire treasury would have been drained in under ten minutes. We delayed the launch, rewrote the logic, and patched the exploit. I messaged him to offer a massive bug bounty. He never replied. He just marked the issue as "resolved" and disappeared forever. This industry worships loud founders and flashy influencers. But the real heroes are usually the obsessive, annoying pedants who refuse to let a bad line of code slide. That is why the ethos of @RallyOnChain means so much to me. It is a system built to reward actual, verifiable value instead of empty social media noise. Here is to vector_null, wherever you are. You saved us, and we never even got to say thank you. Who is the most annoying person that ended up completely saving you from a massive disaster?

  • codyplof
    Cody Plofker (@codyplof) reported

    Ok I've been on HQ for three days. Here are my honest thoughts: - I won't bury the lead. Overall it's cracked. @jacob_posel tried to get me on it for a while but I was too busy. I thought I didn't need it because I was already using github/vercel/supabase and had a bunch of skills made plus obsidian wiki. I was wrong. - They might not agree, but it clicked for me when I thought of it as hermes for claude code. It's a harness for claude/codex that makes it easier to work across teams, devices, and models How? Here's a few features i've noticed and liked so far and some other thoughts: - Files live locally; I work in a HQ folder now on each device that automatically pushes to cloud. It feels pretty realtime. This has helped work between devices and models easily. I've been heavily using Codex this weekend since 5.6 came out but subbing some stuff out to Claude and it's helped me go between well. I've also been using remote mostly since I I've been on the run and it's been near seamless. - The secrets management is worth the price of admission alone. I've wasted so much time in the pastsetting up API keys. It's a pain to do normally, and you don't want to do it incorrectly. Hq makes this essentially one click. - I can't prove it but I have to imagine it saves tokens. The context layer feels really smart; so it finds things really quickly. Normally in a fresh claude session you can waste a lot of tokens getting it up to speed if you don't have a handover or are starting fresh. This feels quick. This is what I mean what I say it feels like Hermes; if you have used it or Openclaw you likely get it. - I also have seen some self learning subagents be automatically called upon, which I love. Helps to make your work better without you having to always manually create new skills. - I had previous /handover and /resume skills I used a lot, but HQ has /handoff skills which are similiar but functionally a bit different so I'm trying to figure out the place for each so I don't have to track both. Likely user error. - I have had some new skills not auto sync to codex when creating in claude. Likely user error. - I'm also a bit unclear on what needs to push to github when. I used to use it heavily for even non-code stuff just to push and pull between devices but hq can do a lot of that. Also unclear on how obsidian will fit into play here and if it's redundant but I'm going to keep going with it. - Apparently there's a way to start new claude remote control sessions on local folders using it but I haven't tried yet. That's been my biggest frustration with claude remote control and one reason I've been using codes more. Hope this helps it. - Jacob showed me that you can run other models from Claude desktop so I build a /bakeoff skill that subs the same task out to GPT 5.6 and Grok 4.5 and compares or lets me compare. I'll share this as a hq pack once I figure out how. - It also auto-deployes to what looks like AWS hosting which is nice and saves time. Trying to get them to auto-create databases as well. - Overall I really like it. Definitely a learning curve first few days, especially for non-technical users. And I've just been using it solo; so excited to start using it with others. I set up a few "companies" for some of my new projects and will use them to collaborate with others on. Hope this helps! Not getting paid, just a nerd with this stuff and have a bunch of extra time on my hands now. (No job and at in laws for the weekend so have built in babysitters). If you try it and hate it, it's @NotZainAgain 's fault.

  • EMacBytes
    Esteban (@EMacBytes) reported

    @thsottiaux GitHub integration seems broken to me.

  • steida
    Daniel Steigerwald (@steida) reported

    I prefer ChatGPT 5.6 Sol over Fable, but in one review of three complex files, Sol Extra High found nothing while Fable High found five small improvements. The catch: I pasted only those files into Fable web. In VSCode GitHub Copilot, with full repo context, Fable found just one docs issue. My takeaway: for maximum review quality, first use full repo context in VSCode, then review the key files again in isolation.

  • _Juliaweb3
    Julia (@_Juliaweb3) reported

    @Real_TShelby @sleepagotchi @CNPYNetwork Check Sleepagotchi support and GitHub docs, should fix it

  • JulianGoldieSEO
    Julian Goldie SEO (@JulianGoldieSEO) reported

    Every few months, another job that needed a developer becomes a sentence anyone can type. First: writing code from a description. Then: fixing bugs by describing what's wrong. Now: Google's AI Studio imports your old GitHub projects with one button. Why that last one matters: → That tool someone built you a year ago? Import it. Say "add a contact form." Done → Change the colors, fix the mobile layout. Plain English, zero code touched → A teammate left mid-project? Anyone picks up their repo and continues Before: old code was locked out. Rebuilding from scratch was the toll. Next, per Google: two-way sync. Changes flow in automatically. Each wall that falls hands a specialist's job to whoever types a sentence. Count the walls left between you and the thing you want built. It's fewer than last year.

  • AskYoshik
    Yoshik (@AskYoshik) reported

    15 CI/CD pipeline patterns you should understand before your next build: 1. Artifact Promotion - Build once, push one artifact, promote the same image across dev, staging, and ****. 2. Immutable Build IDs - Tag images with commit SHA or build number, not just 'latest'. 3. Pre-merge Validation - Run tests, lint, security checks, and Terraform plan before code reaches main. 4. Environment Gates - Keep production behind manual approval, SLO checks, or change window rules. 5. Fast Rollback Path - A deploy pipeline without rollback is only half a pipeline. 6. Database Migration Checks - Separate schema changes from app deploys when rollback is risky. 7. Secrets Injection - Pull secrets at runtime from Vault, AWS Secrets Manager, or sealed secrets, not ***. 8. Cache Discipline - Cache dependencies, but include lockfile hash so old packages do not silently survive. 9. Matrix Builds - Test across versions like Node 20/22, Python 3.11/3.12, or multiple OS images. 10. Ephemeral Preview Environments - Spin up short-lived stacks for PRs, then destroy them cleanly. 11. Deployment Health Checks - Wait for readiness probes, 5xx rate, latency, and error logs before calling it done. 12. OIDC for Cloud Auth - Avoid long-lived cloud keys inside CI variables when GitHub/GitLab OIDC works. 13. Policy Checks - Block public S3 buckets, open security groups, and untagged expensive resources before apply. 14. Pipeline Time Budgets - If CI takes 45 minutes, people start bypassing it. 15. Audit Trail - Know who deployed what commit, from which runner, to which environment, at what time.

  • marcklingen
    Marc Klingen (@marcklingen) reported

    @chrija +1, very excited every time I need to work on one of these issues In this case, it’s obvious that there is a solution but it’s just a lot of grunt work as medium doesn’t want to make it easy for you. But also there’s no way around this (who wants their posts stuck on Medium) so historically we just needed to accept the pain and listen to some nice music. Now you can get there pretty much full-auto Have one of these coming up as we migrate linear between orgs and integrations will break (GitHub issues, pylon, …) which would be a big pain for the whole team; I’m pretty sure I’ll be able to find a nice workaround without much effort that would have otherwise been unreasonably hard to make work or would have required some ops team or freelancer

  • _celestino127
    Celestino (can/do) (@_celestino127) reported

    A $125 Claude Code certification feels difficult to justify for developers. In software, your GitHub, shipped products, and ability to solve real problems carry more weight than a tool-specific certificate. Also, all the devs are pivoting to open-source long-term