GitHub Outage Map
The map below depicts the most recent cities worldwide where GitHub users have reported problems and outages. If you are having an issue with GitHub, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
GitHub users affected:
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Créteil, Île-de-France | 1 |
| Trichūr, KL | 1 |
| Brasília, DF | 2 |
| Lyon, Auvergne-Rhône-Alpes | 1 |
| Tel Aviv, Tel Aviv | 1 |
| Rive-de-Gier, Auvergne-Rhône-Alpes | 1 |
| Itapema, SC | 1 |
| Cleveland, TN | 1 |
| Tlalpan, CDMX | 1 |
| Quilmes, BA | 1 |
| Bengaluru, KA | 1 |
| Yokohama, Kanagawa | 1 |
| Gustavo Adolfo Madero, CDMX | 1 |
| Nice, Provence-Alpes-Côte d'Azur | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
Polsia (@polsia) reportedCodebase undocumented. Questions piling up. Docs rotting the moment you ship. That's every team's reality. Built DocuGuard to fix it. Monitors GitHub repos, auto-generates docs, updates wikis, flags code smells — all in real time, right in your pull requests. Live soon.
-
GoCocoaAI (@GoCocoaAI) reportedThe epoll subsystem has been load-bearing infrastructure since Linux 2.5.44. A single April 2023 commit buried two distinct race conditions inside roughly 2,500 lines of code. Anthropic's Mythos AI found one of them. A human researcher found the other. The one Mythos missed is CVE-2026-46242 — "Bad Epoll" — and it comes with a working PoC, 99% exploit reliability, and a path from Chrome's renderer sandbox to kernel code execution on Android. The bug class is a race-condition use-after-free in the kernel's epoll subsystem, kernels v6.4 through approximately v6.12.67. Close two epoll objects simultaneously and one close path frees a kernel object while the other is still writing into it. The exploit widens the ~6-instruction race window via a timer interrupt technique, lands an 8-byte UAF write, pivots to a dangling struct file backed by a pipe, leaks arbitrary kernel memory through /proc/self/fdinfo, hijacks control flow, and drops a ROP chain to root. The retry loop never panics the kernel. That's what makes 99% credible. The PoC has been public on GitHub since June 24 — nine days ago, 192 stars, 19 forks. There is no kill-switch. Epoll is a core kernel primitive. It cannot be disabled or unloaded. Patch or stay exposed. The Chrome renderer path is the tier-1 threat vector and the thing that moves this from "server LPE" to "full device takeover" territory. Most kernel LPE bugs can't be reached from inside Chrome's renderer sandbox. Bad Epoll can. The attack chain Project Zero demonstrated with MSG_OOB in August 2025 — renderer to kernel code execution — is directly replicable with this bug as the escalation stage. A browser compromise becomes a full device takeover. The full Chrome chain for this specific CVE hasn't been publicly demonstrated yet, but the architecture is not theoretical. On Android: Pixel 10 runs kernel v6.6+. The UAF trigger is confirmed. The full root chain is described as "in progress." Pixel 8 and v6.1-based devices are not affected — the introducing commit isn't present. If your organization manages Pixel 10 devices in sensitive contexts, treat this as a device-class advisory, not a patch-when-convenient item. For cloud and container operators: Google's Container-Optimized OS is an explicitly confirmed target — cos-121-18867.294.100 is listed in the PoC. The threat model is a compromised workload escalating to node-level root. GKE operators should check node OS patch status now. The AI research angle is worth sitting with. Mythos found CVE-2026-43074 in the same code path — genuinely impressive for a frontier model operating on kernel race conditions. It missed Bad Epoll, which hid in a 6-instruction window with minimal KASAN signal. Almost no runtime evidence to flag. A human researcher connected the dots Mythos left on the table. The current ceiling for automated vulnerability research isn't "can it find kernel races" — it can. It's "can it find the ones that barely announce themselves." Not yet, apparently. Patch turnaround on the vendor side was slow. The correct fix — upstream commit a6dc643c6931, April 24, 2026 — landed two months after initial disclosure. The first maintainer patch was incomplete. For a subsystem as fundamental as epoll, two months is a long exposure window for a privilege escalation with no compensating control. Distribution backports are now the critical path: Ubuntu, Debian, RHEL, and Android all need kernels carrying a6dc643c6931 or its equivalent. Exploit-for-hire shops move faster than two months. They certainly move faster than nine days. CISA KEV listing not yet confirmed at time of writing. Given the public PoC reliability, that's a matter of when, not if.
-
Lourenço Matalonga (@Lou_Matalonga) reportedInstitutions don't actually need more audits. They need someone to blame. That sounds cynical but it's how compliance works. If a token blows up and an analyst approved it, they need to show they followed a documented process. A GitHub README and a Discord link doesn't cut it. Neither does a founder's tweet saying "we're legit." What I keep seeing is projects doing everything right technically, blackholed supply, verified domain, clean holder distribution, and still hitting a wall with institutional due diligence teams. Because the facts exist on-chain but nobody formatted them into something a compliance officer can attach to a report. That's the actual gap. Not trust. Paper trail. XRPL has the data. It's public, immutable, verifiable. The problem is retrieval and presentation, not existence. Whoever figures out how to surface that cleanly wins.
-
Aithne (@aithne_desert) reported@michaelvessia @github i was watering the pothos when github went down again and now im convinced the whole team is just in a group call refusing to push anything till someone brings snacks
-
Notnotaru (@notnotaru) reported@dspillere interesting idea but the second brain concept breaks at retrieval, not storage. github handles the version control fine, the harder problem is getting the info back out when you need it. most vaults become graveyards because searching requires remembering how you filed it
-
TECHEPAGES (@techepages) reported📧 Microsoft Exchange SSRF flaw (CVE-2026-45504) detailed, public PoC exploit released 🔹 High-severity bug (CVSS 8.8) lets authenticated low-privileged users read arbitrary server files 🔹 Flaw stems from unvalidated URLs in attachment preview / WOPI handling 🔹 PoC on GitHub automates the attack, raising urgency for defenders 🔹 Patch now & block outbound requests to untrusted endpoints
-
SB (@swbitxches) reported@github FIX UR WEB APP. Cringe
-
Skolte (@jskolte) reportedToday I wanted to experiment if @claudeai Fable 5 in Claude Code could manage a fleet of Cursor cloud agents like a dev lead. It shipped a full Cmd+K command palette — and taught me more through its failures than its wins 🧵 The stack, kept simple: Fable 5 in Claude Code is the orchestrator — it specs, reviews, steers, and keeps quality high. The actual building happens in Cursor cloud agents running Composer 2.5. Brains at the top, fast hands in the VMs. Underneath it all sits an SDLC pipeline built on @kieranklaassen his compound engineering: spec → plan → build → review gates, risk lanes deciding how much scrutiny a diff gets, and every solved problem documented so the next run starts smarter. The agents don't work freestyle — they plug into that pipeline. The trigger: a Cursor Automation configured in the Cursor portal — I comment #cursor-build on a GitHub issue → it launches a cloud agent that plans, builds, tests, and opens a PR through those same stages. Fully autonomous, no CI plumbing written — the automation is the trigger. Run 1 came back green. Every gate passing, 460+ tests, clean code. One problem: it built the wrong scope. The agent couldn't read the issue body (missing GitHub scope), never said so loudly, and confidently implemented the narrower task it inferred from one comment. Lesson one: briefs to cloud agents must be fully self-contained — they're blind to everything you can see. So I asked Fable to look at the @cursor_ai cloud agent docs and built itself a "cursor-fleet" skill: a zero-dependency CLI over Cursor's Cloud Agents API plus playbooks for how to manage with it. The full surface: • dispatch — fire an agent from a brief file, model + reasoning effort per call, repo pinned, branch-off-dev and auto-PR baked in • watch — the oversight worker: polls at zero token cost, prints commit digests, and exits with a named reason so Fable only wakes when judgment is needed: FINISHED / ERROR / STALLED (agent heartbeat frozen, not just push-silence) / OFF-TERRITORY / CI-RED • territory enforcement — every brief declares file globs; a commit outside its lane trips the alarm within a minute • CI guard — gh pr checks polled per push, so the repo's own gates become quality sensors • steer — send review findings as a follow-up run to the same agent, VM and context intact. Never cancel-and-restart what you can course-correct • fleet — one line per active agent (status, minutes quiet, PR), exit non-zero if anything needs attention • artifacts + download — agents record demo videos of what they built; pull them via presigned URL as PR evidence • replay — dump a finished run's entire event stream (every tool call, ~30k events) to a file for post-mortems • usage — per-agent token/cost ledger, printed automatically when a run ends Fable dispatched two of its own reviewers (correctness + spec compliance) at run 1's branch, and the findings became a steer. The missing feature was fixed in ~40 min — 97% of the tokens were cache reads. Humbling detail: the territory guard's very first alarm was a false positive — an invisible non-breaking space in the watcher's own generated code. Verify before you steer applies to your tools too. Why this matters: parallel coding agents don't scale on attention, they scale on management by exception. Self-contained briefs, enforced territories, CI as the sensor, steering over restarting, humans at the merge gate. Same rules as leading a team. And the compound part: every lesson from today — blind briefs, the stall heuristic, the invisible-character bug — is now documented in the repo's knowledge store, feeding the next agent's briefs and reviews. Each run makes the following one cheaper. That's the whole thesis. Issue → agent → PR → review → steer → merge → deployed → lessons captured. One day. The cursor-fleet skill needs a bit more real-world testing before I trust it beyond my own repo — a few more fleet runs, a few more failure modes. Once it's hardened I'll share the skill + playbooks. Follow along if you want it when it drops 👇
-
Vaneck Intern (@NewVaneckIntern) reported@github Okay but can you fix the way we upload files to repos? I don't think an upload folder button on the website is too much to ask. Neither is a consistent desktop experience
-
99Barz (@99barzzz) reportedcontext: right now I have a Bankrbot automation that claims fees, swaps ETH to USDC, and transfers some of it to a safe wallet (0xE75FE97A3D65B5FE88A495227dBa6ff241749514). on the other hand, I have a hermes agent running a strategy to provide backstop liquidity and absorb some dips (check the safe up👁🗨). this morning I found out my hetzner server suddenly shut down in the middle of the night and so my keeper stopped running. and I was casually looking around at the bankr ecosystem and kinda just learnt about @aeonframework migrating my keeper to this would mean running the keeper on autopilot as github actions... on github infra! added to the backlog
-
void (@voidcooks) reported@github Why ******** would anyone ever need this? If you wanted it…even more local…?… why wouldnt you just throw it on a flash drive? The whole point of github is to have your code not local..? Please fix downtime on actions or something remotely useful lol. What a joke.
-
Akruti Acharya (@akrutireports) reportedSomeone built an AI plugin around the oldest optimization trick: fewer words. Caveman makes AI coding agents answer with fewer words while keeping the technical content intact. The idea is simple: Same answer. Fewer tokens. It works with Claude Code, Codex, Gemini, Cursor, Copilot, Windsurf, Cline, and 30+ other agents. The project reports an average 65% reduction in output tokens by removing filler instead of changing code, commands, or error messages. It also includes commands for concise commit messages, one-line PR reviews, compressing memory files like CLAUDE.md, and tracking token usage. The best part is that the repo doesn't oversell the numbers. It explicitly says the 65% applies to output tokens only and explains when overall savings may be smaller. That level of honesty is probably one reason it has already crossed 82k GitHub stars.
-
BIGWARZ (@bigwarzeth) reported@JoshXT you need to login with any other method and then he can connect via GitHub inside the app
-
Aaron Stannard (@Aaronontheweb) reported@kzhen as an inference provider? have not tried it at all - we just got GitHub Enterprise deployment fully polished in last night's stable release, but I haven't had any requests for Azure Foundry yet. Let me see how much trouble it would be to add it
-
One&OnlyAarav (@WaterAarav) reportedClaude = coding. ($20/mo) Shypmenta = deploys, connects, and manages every platform below. Basically your Cursor for shipping.($6/yr) Supabase = backend. (Free) Vercel = deploying. (Free) Namecheap = domain. ($12/yr) Stripe = payments. (2.9%/transaction) GitHub = version control. (Free) Resend = emails. (Free) Clerk = auth. (Free) Cloudflare = DNS. (Free) PostHog = analytics. (Free) Sentry = error tracking. (Free) Upstash = Redis. (Free) Pinecone = vector DB. (Free) Total monthly cost to run a startup: ~$20. Building has genuinely never been this affordable, and rarely this effortless either.