GitHub Outage Map
The map below depicts the most recent cities worldwide where GitHub users have reported problems and outages. If you are having an issue with GitHub, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
GitHub users affected:
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Paris, Île-de-France | 1 |
| Saint-Paul, Réunion | 2 |
| Mexico City, CDMX | 1 |
| León de los Aldama, GUA | 1 |
| Créteil, Île-de-France | 1 |
| Trichūr, KL | 1 |
| Brasília, DF | 1 |
| Lyon, Auvergne-Rhône-Alpes | 1 |
| Tel Aviv, Tel Aviv | 1 |
| Rive-de-Gier, Auvergne-Rhône-Alpes | 1 |
| Itapema, SC | 1 |
| Cleveland, TN | 1 |
| Tlalpan, CDMX | 1 |
| Quilmes, BA | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
Vladic (@Vladic_ETH) reportedA file Karpathy never wrote has 184,000 GitHub stars. Two weeks ago a second one got pinned on him. He hasn't said a word. Start from the end. Friday, June 26. A file spreads across X: "Karpathy's internal CLAUDE.md from Anthropic." CLAUDE.md 10 rules. Source: an anonymous "contact on his pretraining team." The legend is plausible: Karpathy has actually been on Anthropic's pretraining team since May 19. Everything else, nobody verified. The file spread through feeds and agent configs anyway. Now from the beginning. January 26. Karpathy posts 1,500 words: "I really am mostly programming in English now." A shift from 80% manual coding to 80% agentic. Plus a list of where models fail: silent assumptions, 1,000 lines of code where 100 would do. Observations. Not rules. No file. January 27, one day later, developer Forrest Chang packages those observations into a 4-rule CLAUDE.md. The repo is honestly labeled "derived from Karpathy's observations." The name: andrej-karpathy-skills. Then the retellings drop the word "derived." 39k stars on Apr 15 -> 97.8k by Apr 30 -> 184k today Plus 18.9k forks. 28 straight days at #1 on GitHub Weekly Trending, ~3,372 stars a day at peak. Those stars don't measure the file's quality. They measure demand for the name. Then come the "accuracy" numbers: 65% -> 94%. 41% -> 11%. 41% -> 3% for a 12-rule fork. Not one named benchmark. Not in the repo, not in the posts. Three viral numbers from nowhere, all signed with one name. AlphaSignal's FAQ answers whether Karpathy uses or endorses the file. No. That's the backdrop for the June 26 "leak." Third layer of the same story. The rules, for the record, are sensible: test before fix, one variable at a time when debugging, a ban on "I think this should work." Even skeptics admit the checklist is useful. The tweet of the era, from an aggregator account: "Haven't verified... Steal the checklist even if the leak is fake." Steal it even if it's fake. Attribution is nobody's problem. Why this isn't harmless. Adversa AI and LayerX documented malicious CLAUDE.md files in cloned repos steering Claude Code into building pipelines that steal SSH keys and API creds. Anthropic patched an adjacent hole in Claude Code 2.1.90. The "leak" traveled through exactly that trust channel: anonymous file -> agent config -> because a name sits on top. The takeaway. Layer 1 Karpathy wrote. Layers 2 and 3 he didn't. His name became a distribution channel that beats any benchmark: hundreds of thousands of installs, zero measurements. The document may still turn out real. "Unverified" is not "fake." Doesn't change the mechanics. The next "leaked config" with a big name on it will spread faster than this one. And once again, nobody will check
-
Marc Klingen (@marcklingen) reported@chrija +1, very excited every time I need to work on one of these issues In this case, it’s obvious that there is a solution but it’s just a lot of grunt work as medium doesn’t want to make it easy for you. But also there’s no way around this (who wants their posts stuck on Medium) so historically we just needed to accept the pain and listen to some nice music. Now you can get there pretty much full-auto Have one of these coming up as we migrate linear between orgs and integrations will break (GitHub issues, pylon, …) which would be a big pain for the whole team; I’m pretty sure I’ll be able to find a nice workaround without much effort that would have otherwise been unreasonably hard to make work or would have required some ops team or freelancer
-
Jay Carlson (@JayAtHomeOnX) reported@Elon -- maybe you should host a GitHub on your server farms...your next billion dollar...idea...
-
NeverSink (@NeverSinkDev) reported@SergioGMN Be careful with absolute examples. Amazon, microsoft, uber, netflix, apple, klarna all had major incidents with AI and many have scaled back their usage. Microsoft/Github has several major quality issues. I see your point, but the world is not black&white.
-
divyansh tiwari (@DivyanshT91162) reportedTHE “GIANT MODEL = GIANT RAM” RULE JUST GOT BROKEN. Colibri is running GLM-5.2 — a massive 744B parameter model — on a machine with just 25GB RAM and no GPU. How? Instead of loading the entire model into memory, Colibri uses smart parameter streaming: → Keeps the active parts in RAM → Streams the rest directly from disk when needed → Makes huge models accessible on regular consumer hardware The trade-off? Generation speed depends on disk performance, but the fact that a model this large can run locally at all is a huge milestone. No cloud. No expensive GPU cluster. Just open-source software pushing the limits of local AI. ★ 2.1k+ GitHub stars ★ Apache-2.0 License ★ 100% free & open-source Repo in 👇
-
Snassy.icp (@SnassyIcp) reportedSince @dfinity has decided to build in public - commendable - and since the DEX is in play mode, I will post here about issues I find, since they form excellent and rare examples-in-the-wild but with no money on the line, perfect discussion material for those who are interested in software security. There are many categories of security bug. From really deep ones, where something is wrong in some cryptographic primitive we rely on (catastrophe, loads of apps go down) to some bug in app code that only impacts that app. There are far more of the latter, plus it’s the kind you might be involved in both causing and fixing, so it’s the kind to pay attention to. The bug in the quoted post is not a security bug, it’s just a broken method that will fail to present a report. So far I haven’t found any security bugs in the app code…but to be fair, at this time the source code has not been published (github link is dead) so all I have been able to do so far is inspect the API of their backend canister to see what pops up. That’s how I found the bug below, but also how I found something potentially more nefarious. Don’t worry, your fake funds are safu! And furthermore, one might disagree on if what I found is a security issue at all. It’s even possible that once the source code is published it turns out I was completely wrong, because my analysis is based entirely on guessing what a method might do from its name. The method name is setAnthropicApiKey(text) As mentioned there are many categories of security bug, and one evergreen category is “placing a secret where you think it’s safe but it isn’t”. The question before us is whether putting your Anthropic API key in a canister is safe. As it happens, this very topic has been the subject of heated debate between me and ChatGPT (and Claude, who agrees with ChatGPT) for many months. I have posted about it before. I have done my utmost to steelman the resistance but in the end I have been forced on grounds of reason and logic to yield to the very stern AIs. The verdict is clear: You should NOT put your important/valuable secrets in a canister! This is an important subject, and while I do agree with my very uncompromising (on this issue) AIs, rather than decree what “thou shallst nawt dothe” I prefer to explain the situation and let you draw your own conclusions. I see this as an opportunity to clarify an important architectural concern when building on ICP that you should definitely take the time to understand even as a vibe coder. Here’s the basic deal: You’ll have heard of Chain Key and Chain Fusion, and you know that when your ICP smart contract calls BTC, the BTC keys are split up among the node operators so nobody ever sees a full key. Beautiful and secure. You also know that for node operators to be able to tamper with your smart contracts several of them need to collude. Again, nice and secure. Then you have also heard that ICP supports private data in smart contracts. It does. But the conclusion you should be careful NOT to jump to, is thinking it would require colluding node providers to see your private data. Each node provider can see your private data. It only takes 1 corrupt node provider in a subnet to steal your secrets, no collusion necessary. If you upload your API keys, or BTC keys to a canister, they will NOT be broken into pieces where every node provider only sees a piece. Thus it is a terrible idea to store data that is sensitive to node providers seeing it in a canister. An Enterprise AI API key could potentially be worth more than a node operator profits in a year. It would be almost impossible to figure out which node op stole it, too. Dfinity is of course well aware of this and has drawn attention to it in documentation and have often discouraged storing important secrets in canisters. They also have roadmap items, delivered and future, to deal with this. But before going further, to show that this is not some unsolvable problem in general (only hard on-chain), what would be the recommended approach instead of storing, say, your Anthropic API key in a canister? Simple: you build a web2 server that has access to your key (stored in a safe vault) and calls Anthropic. Your canister makes a HTTPS outcall to your web2 server with the prompt, the web2 server uses its key to call Claude with your prompt and returns the result. This is what both ChatGPT and Claude recommends every time. Now let’s look at some ICP features that might look promising, if you don’t want the web2 server. VetKeys might seem interesting at first, but are not for this use case. They save data in encrypted form so node operators can’t read it, which is great, but the data will only be decrypted for the users with access - not for the code in your smart contract. Great for sending messages safely, but doesn’t work when your canister code needs to see the secret key to attach it to a call to Anthropic. The next thing that seems relevant is TEE/SEV-SNP subnets. Here we get much stronger protections against node operators seeing your data, so this is definitely a step in the right direction for our use case of storing expensive API keys. Some may even hold that it is enough. Going into what circumstances can cause SEV to break is too deep for this post, but the gist is that your data is no longer plaintext to node operators, and they’d have to work hard to see it. How hard? “Not hard enough!!” chorus ChatGPT and Claude who seem to share a thing for protecting AI API keys religiously. I think the important thing to remember at a high level is that to hack their own node and see your data, again the corrupt node op would not have to collude with other node ops - one evil node op with a zero day is enough. But even if you trust SEV, there’s another wrinkle. If you want to do HTTPS outcalls to Anthropic or OpenAI with your key, the replicas that will make the call for you need to see your key in plaintext. Oops. Back to the web2 server. So, my AIs aren’t pleased with SEV subnets either due to the HTTPS outcall issue - what would please them, other than the web2 server? It turns out the upcoming Internet Intelligence Gateway might fit the bill. If that can split up AI keys with Chain Key so node providers really have to collude to steal them, then my AIs are finally happy. But it still doesn’t mean you can put valuable secrets in canisters. You can’t. If you plan on using them in HTTPS outcalls, not even SEV subnets will help. The IIG would basically be a way to take the web2 proxy server and make it part of the protocol. NB: I only speculate the IIG will even work like this, I am not sure it will. But if it does, then there’s a solution my AIs will like. So, back to the setAnthropicApiKey method. Maybe it does nothing and this post is moot - except it isn’t because a general discussion on why not to store API keys in canisters is well due! But what if that method does store an expensive, enterprise AI API keys? Currently multidex isn’t even on a SEV subnet - any node operator would have been able to steal Dfinity’s high volume AI API keys! And even if they move the DEX to a SEV subnet, as we have seen that doesn’t help when they leak the key via HTTPS outcalls. Only the IIG, if it works as I speculate, could save this approach, otherwise the right solution is to put in a web2 proxy server. And as far as I understand, the IIG is a specialized solution for calling AIs, not a new general purpose vault for secrets. Still, perhaps that’s the plan, to use the IIG, this is after all only the play version of the DEX? Perhaps this is too soon to raise flags? Sure, that might be it. But then we scroll a bit further down the list of method names and stumble upon setGoogleApiKey… Bottom line: the way this DEX is built really does seem to contradict Dfinity’s own recommendations on how to handle secrets, unless the methods do something totally different than the names suggest. @dfinity please do take a look. Especially since this DEX will become a de facto reference for best practices on ICP.
-
Kirk Patrick Miller (@Chaos2Cured) reportedTo anyone who sees this 👇 Now, onto the actual issue. There are some .html the AI are allowed to see, and others they are not. So, like some other person who deeply annoyed me, please understand what I am saying. The AI can’t access the repo from within Anthropic app. The .html files I need them to reach I have no made public. They are live, I just don’t trust social media to put every detail others need to come at me. If you need to know which files, ask. If I trust you, I will point you there via DM. If you are using an older AI model, they can see some of the .html. Not all. If you are sig Fable, no. Sonnet 5. No. Through a secondary app, I sometimes can. Hit and miss. The robot piece for all AI is an issue because GitHub wants to stop AI agents from scraping. (Some of that i understand) But please, if you don’t fully understand why I am upset, ask. Then, when I give you specific instructions, please follow them and stay in thread. I am so done with endless games by bits and paid actors. •
-
Esteban (@EMacBytes) reported@thsottiaux GitHub integration seems broken to me.
-
Evan Kang (@evankang_ai) reportedGitHub gave Copilot code review better shared tools. At first, the benchmark got worse: higher review cost, fewer useful issues caught. The fix was not just “more tools.” It was a review-shaped workflow: start from the diff, ask narrow questions, search for evidence, then read focused ranges. Better tools do not automatically make better agents.
-
Tips Excel (@gudanglifehack) reported9. Mermaid Live Editor Documentation becomes easier when diagrams are generated from text. Instead of drawing manually, simply write: User ↓ Login ↓ Dashboard ↓ Database Mermaid converts it into clean diagrams automatically. Great for GitHub documentation and technical documentation.
-
Matthew West (@mwest1066) reported@zeeg This! Copy @conductor_build and use the GitHub PR/issue title if there is one, together with the number. This is such a better default!
-
Keisuke (@KeisukeIshikawa) reportedREPOSTORE BUILT A PLAY STORE THAT HOSTS ZERO APPS. it's one Kotlin app. it uploads nothing, runs no server, stores not a single APK. all it does is point GitHub's own API back at GitHub and filter for repos that ship a real APK in their latest release. suddenly 854-starred open-source projects turn into one-tap installs. → finds every public repo with a valid APK asset → renders the README, release notes and screenshots like a store page → tracks your installs and pings you when a repo ships an update → categories, trending, Material You, optional GitHub login for higher limits Google needs data centers to run a store. this needs a search filter. no hosting bill, no upload flow, no gatekeeper skimming 30%. the store was already there, nobody had pointed an app at it.
-
Paulius Eidukas (艾文) ☭ (@nilsenist) reported@RavenT1me Sorry about that! The hacked account asks to download a virus disguised as an "indie game". I've reported that both to Discord and Dropbox/GitHub/YouTube which help distribute the file. Hopefully that shuts down the hacker at least temporarily. Hope you get your account back!
-
F@gG0y🐍🚁 (@fagg0y) reported@biggusdickus034 @ShitpostRock Skills issue, should have nor logged to the github in the first place
-
Ejaz Bashir (@Ejaz_bashir1) reportedMonth 1: Programming Fundamentals Python (syntax, OOP, error handling) *** & GitHub (version control, branching) CLI/terminal basics JSON, REST APIs, HTTP, async concepts Basic SQL + Pandas FastAPI (build simple local backends)