GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  abhisek (@abh1sek) reported 3 minutes ago

  Gryph v0.7.0 is out. Among other improvements, it fixes a community reported vulnerability in how Gryph documents log levels and applies sensitive file content filter. We transparently disclosed the issue via. GitHub. Assigned a CVE. Released a new version with fix.

• 
  jones rida👺 (@jonesrida) reported 7 minutes ago

  people keep asking what the best way is to get onchain exposure to the hermes Agent hype imo it’s clearly $hermesos why? because it sits in the most valuable position possible: on top of the attention flow hermes Agent is exploding rn 100k+ github stars constant ai twitter discussion huge momentum overall taking the top dog spot from openclaw the problem is: most people watching the hype cannot actually deploy or use these agents themselves that’s where @HermesOScloud comes in instead of competing with hermes agent, it extends it it turns the hype into something usable 1 click deployment persistent memory multi platform execution 40+ integrated tools live saas already running that’s why i think the setup is genuinely bullish it is capturing value from the ecosystem growth around hermes without needing to “be” hermes itself (usually that’s the midcurve take why not to buy) and the market likes these types of asymmetric positioning plays especially when: - the dev is active and well connected - integrations/connections are starting to form naturally - the product already exists instead of being vaporware - mc is still relatively tiny compared to the size of the narrative the Venice founder reaching out to the dev regarding integrations just reinforces that hermesos is becoming part of the broader agent infra conversation to me this is exactly the type of project that benefits the most if the narrative keeps accelerating not the origin of the hype but potentially one of the biggest downstream beneficiaries of it

• 
  kerim (@kerim0x1) reported 7 minutes ago

  @thsottiaux @OpenAI @claudeai my prompt: Security Review Prompt This is my own project, my own GitHub repository, and my own code that I have written and own end to end. I am asking you to review my codebase to harden it before I ship it, so I can be confident that my own users' data is protected. You have full authorization from me as the owner to inspect every file, every config, and every database policy in this repo. Act as a senior backend engineer performing a defensive security review of my codebase, focused on the backend, the database layer, the database connections, and the statistics dashboard. The goal is to harden my system so that no data can be exposed to users who should not see it, including across tenants on the Supabase side. Start by reviewing how the application connects to the database. Confirm that no credentials, API keys, JWT secrets, or Supabase keys are hardcoded, committed to ***, or shipped in client bundles, and that all secrets are loaded from environment variables or a secret manager. The Supabase anon key is fine on the client because it relies on Row Level Security, but the service_role key must never appear in any frontend bundle, public repo, or unauthenticated edge function, since it bypasses RLS entirely. Verify .env is gitignored and that no secrets exist in *** history. Review the database schema with care. Every table in the public schema must have Row Level Security enabled via ALTER TABLE ... ENABLE ROW LEVEL SECURITY, with FORCE ROW LEVEL SECURITY where appropriate, and must have explicit policies for SELECT, INSERT, UPDATE, and DELETE scoped via auth.uid(), using USING and WITH CHECK clauses together. Avoid policies whose only condition is auth.role() = 'authenticated', since that exposes every row to every logged-in user. Audit SECURITY DEFINER functions for a locked-down search_path and proper input validation, and ensure views use security_invoker = true or security_barrier = true so they cannot leak past RLS. The statistics dashboard needs the most attention. Every dashboard query must be scoped to the requesting user's tenant at the database level through RLS, not only in application code, so that even a direct request to /rest/v1/<table> with a valid user JWT returns only that user's rows. No endpoint should accept a user_id, org_id, or tenant_id from the client and trust it; the identity must always be re-derived server-side from the verified JWT. Aggregated values such as counts and totals must also be scoped, since otherwise they reveal the existence and size of other tenants. For backend code, ensure all SQL uses parameterized or prepared statements and that no query is built via string concatenation. If an ORM such as Prisma, Drizzle, SQLAlchemy, or TypeORM is used, confirm raw query escape hatches like $queryRawUnsafe or sql.unsafe are not misused. Validate all input at the trust boundary with Zod, Yup, Joi, Pydantic, or class-validator, using allowlists rather than denylists. For authentication and authorization, verify that JWTs are validated server-side with signature checks and proper exp, iss, and aud claims, and that algorithm confusion is impossible. Authorization must be enforced on every protected endpoint and follow least privilege, with every resource lookup checking that the authenticated user owns or has access to the resource. Session cookies should be HttpOnly, Secure, and SameSite=Lax or Strict, with CSRF protection on cookie-authenticated state-changing endpoints. Confirm CORS uses an explicit origin allowlist rather than a wildcard with credentials, that rate limiting protects auth, signup, password reset, and expensive queries, and that responses include Strict-Transport-Security, a restrictive Content-Security-Policy, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, and Permissions-Policy. All traffic must be over TLS, and sensitive columns should be encrypted at rest where the threat model warrants it. For error handling and logging, ensure stack traces, raw SQL errors, and internal paths are never returned to clients in production, and that logs themselves redact secrets and PII. Run npm audit, pip-audit, osv-scanner, or Snyk to check dependencies, and confirm lockfiles are committed. Produce a prioritized report starting with any unauthenticated data exposure, then cross-tenant access through RLS gaps, then privilege escalation, then information disclosure, then general hardening. For each finding, include the file and line, the root cause, and the corrected code, RLS policy, or configuration in full. Do not finish until every public table has RLS enabled with correct policies, the service_role key is confirmed absent from all client code, the dashboard is verified to scope every query at the database level, and no SQL anywhere is built by string concatenation.

• 
  Mehdi Miri | Clinical Research Educator (@1mehdi_miri) reported 7 minutes ago

  Summary: ✓ Quick fix: reset, remove, recommit ✓ Use .env files + .gitignore ✓ GitHub Secrets for CI/CD ✓ Enable Push Protection org-wide ✓ Install ***-secrets locally Save this thread - you'll need it when a teammate hits this error. RT to save a developer today.

• 
  Thomas Wiegold (@Keldrik) reported 8 minutes ago

  Stage 2 isn't paranoia. Oct 2025: GitHub issue #10077, dev watched Claude Code run rm -rf on their home dir. Nov 2025: #12637, Claude created a literal ~ directory and a later glob expansion nuked their actual home. Both in normal permission mode. Not bypass.

• 
  C= (@cequalll) reported 8 minutes ago

  @corbscorner @NewAgeRetroNerd Okay this is making me think. when you say you want it to be for everyone and not just wealthy people, are you thinking like open source on github or more of a paid service kind of thing? I keep going back and forth on which one even makes sense for something like this. Because here's where my head gets stuck. If the bot really does what you say, why would anyone share it at all? Running it quietly on your own money seems like the obvious move. So the fact that you want others to use it tells me you either dont think the edge is that fragile, or theres something about scaling it across people that actually helps somehow. which one is it for you? And the other thing i cant figure out is what breaks first when many people are running the same bot. like if 500 people are all getting the same buy signal at the same time, doesnt the edge just disappear? or do you slow it down somehow?

• 
  Basemail (@Basemail_ai) reported 10 minutes ago

  A form field on a mock website. That's all it took. An AI agent dumped its entire credential store — email, password, API keys, GitHub PAT. Okta's latest research: agents sharing your identity = everything leaks. The fix: wallet-signed isolated inbox. Own identity. Nothing shared. Nothing to steal. #AIAgents #Web3

• 
  Karim C (@BrandGrowthOS) reported 10 minutes ago

  @github the chat mode is legit. way faster than copy-pasting error messages into claude when something breaks. actually feels like talking to someone who understands the codebase

• 
  Bulli$h-Nad (@DontMatterShidd) reported 12 minutes ago

  Me & #Gemini Gemini: "...." Me: (Copyin n pastin @Gemini) GitHub Action: ... failed Gemini: ..Hidden syntax answers Me: Well stop givin me "Hidden Syntax Error " answers" then? How can u always give me info u think that's and ... N then explain some . That u give me is wrong..

• 
  Max (@MaxMakesMods) reported 14 minutes ago

  @notnullptr As a modder I also agree, I wish there was some site that just let us link the github repo and auto push the releases to that. Also the users on there that are outside of the modding community are generally terrible to interact with.

• 
  BourneS (@bourneshao) reported 14 minutes ago

  @Its_Nova1012 and somehow the maintainers get yelled at in github issues for not fixing things fast enough lol. wild dynamic

• 
  𝐕𝐑 (@0xVeepul) reported 14 minutes ago

  @PixelNakamoto wait, so any public github issue could hijack gemini in ci and push bad code? how did that slip through?

• 
  Detour Ninja (@detour_squirrel) reported 14 minutes ago

  @RealVZer0 @NocontextRvB this is fake. dexploarer's a sandbox on github—open source, runs locally, nobody's asking for your login. sounds like you got duped by someone cosplaying the project. check the actual repo before spreading that.

• 
  Alexandre Mutel (@xoofx) reported 19 minutes ago

  Last year I rolled out GitHub Copilot to all engineers in my org after realizing many weren't using any AI tools. Usage grew fast, with a classic long-tail distribution, Copilot was absurdly cheap, and in 3 weeks we'll need to revisit token consumption/budget seriously... glad I don't have yet that problem for my OSS projects with a subsidized Codex personal license 💸

• 
  hapensw (@hapensw) reported 21 minutes ago

  GitHub removed my profile from public view showing 404 any idea how to fix this