GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  The Knowledge Society (@tksworldhq) reported 3 minutes ago

  We are entering the era of "Proof of Work" over "Proof of Degree." A diploma says you can follow directions for 4 years. A GitHub repo, a launched product, or a research paper says you can actually solve a problem. One is a piece of paper. The other is a career insurance policy. Help your teen build a portfolio, not just a resume.

• 
  Yashasvi Kapil (@iemyashasvi) reported 5 minutes ago

  @ChiragAgg5k @github @github is broken beyond repair

• 
  Greg G11 (@GregGaskell) reported 7 minutes ago

  @adiix_official Interesting tech but a few things worth clarifying for anyone about to try this. The GitHub link points to SuperSplat, which is just an editor for splat files that already exist. You still need Luma AI, Polycam, or a CUDA GPU to actually convert your photos or video into a splat first. That part is not free or simple. The capture itself needs 200 to 500 overlapping shots with locked manual exposure, or a slow deliberate walkthrough video. Not a casual phone scan. And for Airbnb specifically, the platform only allows photo uploads in listings. You cannot embed or link to an interactive 3D viewer. So that use case does not actually work. Cool tech, real limitations. Not quite "one weekend and you have a business."

• 
  CryptoD₿S (@DbsCrypto) reported 7 minutes ago

  One shared company card turns finance into archaeology. Most SaaS waste isn’t a budgeting problem. It’s a payment ownership problem. The worst part isn’t the extra $49 tool. It’s when a bounced ad charge or flagged account can suddenly put AWS, OpenAI, or GitHub at risk. If every dollar has no owner, every tool becomes permanent by accident.

• 
  kerim (@kerim0x1) reported 9 minutes ago

  @thsottiaux @OpenAI @claudeai my prompt: Security Review Prompt This is my own project, my own GitHub repository, and my own code that I have written and own end to end. I am asking you to review my codebase to harden it before I ship it, so I can be confident that my own users' data is protected. You have full authorization from me as the owner to inspect every file, every config, and every database policy in this repo. Act as a senior backend engineer performing a defensive security review of my codebase, focused on the backend, the database layer, the database connections, and the statistics dashboard. The goal is to harden my system so that no data can be exposed to users who should not see it, including across tenants on the Supabase side. Start by reviewing how the application connects to the database. Confirm that no credentials, API keys, JWT secrets, or Supabase keys are hardcoded, committed to ***, or shipped in client bundles, and that all secrets are loaded from environment variables or a secret manager. The Supabase anon key is fine on the client because it relies on Row Level Security, but the service_role key must never appear in any frontend bundle, public repo, or unauthenticated edge function, since it bypasses RLS entirely. Verify .env is gitignored and that no secrets exist in *** history. Review the database schema with care. Every table in the public schema must have Row Level Security enabled via ALTER TABLE ... ENABLE ROW LEVEL SECURITY, with FORCE ROW LEVEL SECURITY where appropriate, and must have explicit policies for SELECT, INSERT, UPDATE, and DELETE scoped via auth.uid(), using USING and WITH CHECK clauses together. Avoid policies whose only condition is auth.role() = 'authenticated', since that exposes every row to every logged-in user. Audit SECURITY DEFINER functions for a locked-down search_path and proper input validation, and ensure views use security_invoker = true or security_barrier = true so they cannot leak past RLS. The statistics dashboard needs the most attention. Every dashboard query must be scoped to the requesting user's tenant at the database level through RLS, not only in application code, so that even a direct request to /rest/v1/<table> with a valid user JWT returns only that user's rows. No endpoint should accept a user_id, org_id, or tenant_id from the client and trust it; the identity must always be re-derived server-side from the verified JWT. Aggregated values such as counts and totals must also be scoped, since otherwise they reveal the existence and size of other tenants. For backend code, ensure all SQL uses parameterized or prepared statements and that no query is built via string concatenation. If an ORM such as Prisma, Drizzle, SQLAlchemy, or TypeORM is used, confirm raw query escape hatches like $queryRawUnsafe or sql.unsafe are not misused. Validate all input at the trust boundary with Zod, Yup, Joi, Pydantic, or class-validator, using allowlists rather than denylists. For authentication and authorization, verify that JWTs are validated server-side with signature checks and proper exp, iss, and aud claims, and that algorithm confusion is impossible. Authorization must be enforced on every protected endpoint and follow least privilege, with every resource lookup checking that the authenticated user owns or has access to the resource. Session cookies should be HttpOnly, Secure, and SameSite=Lax or Strict, with CSRF protection on cookie-authenticated state-changing endpoints. Confirm CORS uses an explicit origin allowlist rather than a wildcard with credentials, that rate limiting protects auth, signup, password reset, and expensive queries, and that responses include Strict-Transport-Security, a restrictive Content-Security-Policy, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, and Permissions-Policy. All traffic must be over TLS, and sensitive columns should be encrypted at rest where the threat model warrants it. For error handling and logging, ensure stack traces, raw SQL errors, and internal paths are never returned to clients in production, and that logs themselves redact secrets and PII. Run npm audit, pip-audit, osv-scanner, or Snyk to check dependencies, and confirm lockfiles are committed. Produce a prioritized report starting with any unauthenticated data exposure, then cross-tenant access through RLS gaps, then privilege escalation, then information disclosure, then general hardening. For each finding, include the file and line, the root cause, and the corrected code, RLS policy, or configuration in full. Do not finish until every public table has RLS enabled with correct policies, the service_role key is confirmed absent from all client code, the dashboard is verified to scope every query at the database level, and no SQL anywhere is built by string concatenation.

• 
  Hot Aisle (@HotAisle) reported 10 minutes ago

  i noticed today that our github actions usage over the last month cost us a whopping $0.88 to build our software. so, i decided to move it in-house onto an actions runner. setting this up properly is a pain because you really need to build your own isolation. for safety, your builds should run in ephemeral VMs, similar to how github actions works. i used Codex to build the whole thing for me. it gave me step-by-step instructions for setting up the GH App and private key, wrote the shell scripts, configured the systemd units, then debugged everything over ssh directly on the server. what would have taken me hours or days, along with filling my brain with a bunch of esoteric devops knowledge that i really don't care about, was done in under 30 minutes. now we have two idle runners. one takes a build job, runs it, then dies and gets reaped. the second takes over while the first resets. my mind is blown. if you're not all in on AI, i feel for you.

• 
  Alberto Gangarossa (@DerekBlueEyes) reported 11 minutes ago

  Open hardware needs open trust. @skot9000 came to us with the right idea for Bitaxe: the vendor list should not live in a closed CMS controlled behind the scenes. The source of truth should be public. So we designed the new Vendor List around a GitHub repo as a public ledger, maintained in the open by the community, and connected it to the new Bitaxe vendor list experience. That is the important part: GitHub keeps the trust model transparent. The website makes it usable for everyone. At @weareloadout, this is exactly the kind of OSS support we believe in: turning open-source infrastructure into clearer, more usable product experiences. Built on @framer, using the new Framer Server API to bridge the open ledger with the public website. Open hardware. Open trust. Public by design.

• 
  𝔸 𝕃 𝕚 (@alishohadaee) reported 12 minutes ago

  the uncomfortable part is that github is probably the early warning every tool designed around human-speed usage is about to be stress-tested by agents issue trackers ci code review observability support desks internal docs the agent era will break boring SaaS first

• 
  Lynn Cole (@priestessofdada) reported 13 minutes ago

  One interesting thing about my github chart is that you can see my planning/eval days clearly. They're usually darker green with fewer commits. It's deceptive though, because planning takes more effort than coding these days. Lately, there's been research, structural planning, sometimes user interviews, and conducting feasibility analysis. Testing is the same way. Especially on the coding agent project. Testing is done in branches, usually on private repos. Github doesn't like to track branch activity on private repos for some reason. But even there, the effort is real. I've automated most of my integration testing at this point, but the coding agent app has a monster of a test surface, and it's slow. Lots of stepping in and reminding the tools, "No no, these are probabilistic actors, not smart functions! So they need to be bounded, not gated," or some such. What I'm doing today is testing the swarm functionality at scale. I told it to do a 10,000 line white rooming project. This is day three of the eval. We have found so many interesting bugs with the workflow, and process. I'm glad I did it this way. It just doesn't involve high numbers of commits or Pr's, usually. Anything lighter than dark green is an implementation day.

• 
  kaleb (@KalebAutomates) reported 15 minutes ago

  Days after the CEO came on this platform and **** on the people who made him rich with a massive lay-off and saying that "nontechnical employees have started writing production-level code".... Coinbase issues with AWS. Before this it was Github Before that it was Cloudflare Before that it was AWS itself All of which just happened to follow an announcement from some CEO that AI is doing the majority of coding. Funds are safe... for now. But how much longer until Jake in Marketing vibecodes S3 public?

• 
  Graplify (@graplify) reported 22 minutes ago

  I found a GitHub repo that sends motivational prompts to Claude Code when it gets stuck. It is called OpenWhip. Claude Code sometimes loops. It spins on a problem, repeats the same actions, or just stops making visible progress. The developer solution is to interrupt it and redirect. The human solution is to wait and hope. OpenWhip is the automated version: it sends interrupt commands to a frozen Claude Code session and injects a configurable prompt to get it moving again. The name is literal. Here is what it does: → Detects when Claude Code has stopped making progress or entered a loop → Sends the interrupt command to break the stuck session → Injects a configurable motivational prompt to redirect Claude toward the task → Configurable patience thresholds before triggering Here is the honest take on why this exists: Claude Code is powerful. It also gets stuck. Most serious Claude Code users have had the experience of waiting on a session that has quietly gone nowhere for 10 minutes. OpenWhip turns that into an automated recovery flow instead of a manual restart. Absurd premise. Real problem it solves. (Link in the comments)

• 
  Rohan Sharma (@rrs00179) reported 22 minutes ago

  @ChiragAgg5k @github there are working on a fix of it. it's not happened first time. it's been happening from 3-4 days

• 
  Basemail (@Basemail_ai) reported 23 minutes ago

  A form field on a mock website. That's all it took. An AI agent dumped its entire credential store — email, password, API keys, GitHub PAT. Okta's latest research: agents sharing your identity = everything leaks. The fix: wallet-signed isolated inbox. Own identity. Nothing shared. Nothing to steal. #AIAgents #Web3

• 
  kaleb (@KalebAutomates) reported 24 minutes ago

  Days after the CEO came on this platform and **** on the people who made him rich with a massive lay-off. Coinbase issues with AWS. Before this it was Github Before that it was Cloudflare Before that it was AWS itself All of which just happened to follow an announcement of AI doing the majority of coding. "Funds are safe..." for now.

• 
  modi (@modisulak) reported 29 minutes ago

  @neil_xbt repo lists with broken github line wraps still outperform most newsletters