GitHub Outage Map
The map below depicts the most recent cities worldwide where GitHub users have reported problems and outages. If you are having an issue with GitHub, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
GitHub users affected:
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Créteil, Île-de-France | 1 |
| Trichūr, KL | 1 |
| Brasília, DF | 1 |
| Lyon, Auvergne-Rhône-Alpes | 1 |
| Tel Aviv, Tel Aviv | 1 |
| Rive-de-Gier, Auvergne-Rhône-Alpes | 1 |
| Itapema, SC | 1 |
| Cleveland, TN | 1 |
| Tlalpan, CDMX | 1 |
| Quilmes, BA | 1 |
| Bengaluru, KA | 1 |
| Yokohama, Kanagawa | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
Absent Insight (@AbsentInsight) reported@Shpigford I'm on mobile, so I just installed it to Firefox (basically one of two options I know of on mobile that allow extensions). I did have one issue, though. After turning your repo into .xpi and trying to load it, it was rejected for the signature. Turning off the signature check fixed it, of course, but is this normal? I don't use extensions in my daily life, but turning Amazon into the site it used to be was too good to pass up on lol. So I'm not sure if this is just how it goes when doing it directly from Github rather than going through an official online store. Anyways, I'll be testing this out later since I absolutely hate the mountains of garbage that Amazon has allowed into their store. I give feedback if I notice anything.
-
Marcos (@MAMware) reported@richkuo7 @ClaudeDevs @grok i like this "new-issue Turns a bug, idea, or conversation into a complete GitHub issue. Checks the claims against the actual code first, adds a complexity score, and never files a half-empty stub." and this "sync-docs Updates CLAUDE.md, AGENTS.md, SKILL.md, and README.md to match what recent commits actually changed."
-
IT Guy (@T3chFalcon) reportedNightmare Eclipse. Reportedly a former Microsoft security employee. The story: they found critical vulnerabilities inside Microsoft. reported them internally. Microsoft ignored the reports, deleted their accounts, and refused to pay the bug bounties. so they went public. Timing every release to drop within hours of Microsoft's monthly Patch Tuesday, the day Microsoft fixes other vulnerabilities, so the new ones land before defenders have time to breathe. here's what they've dropped since April: BlueHammer, CVE-2026-33825. exploits Microsoft Defender to redirect SYSTEM-level file writes into System32. patched. then actively exploited by real attackers within days. RedSun — SYSTEM-level privilege escalation via Defender. now in live attacks. UnDefend — blocks Defender from receiving definition updates entirely. observed in live intrusions. your antivirus stops updating. silently. YellowKey — bypasses BitLocker on TPM-only configurations. fixed June Patch Tuesday. GreenPlasma — SYSTEM-level privilege escalation via CTFMON. fixed June Patch Tuesday. MiniPlasma — resurrected a patched 2020 flaw that Microsoft let regress. RoguePlanet — the latest. no CVE. no patch. dropped June 9, hours after Patch Tuesday. now let's talk about RoguePlanet specifically because it's the most alarming. it exploits a race condition in Microsoft Defender itself. the component designed to protect your system runs as SYSTEM — the highest privilege level on Windows. it has to, so it can quarantine and delete malware anywhere on disk. RoguePlanet tricks Defender into performing a SYSTEM-level file write into a location the attacker controls. The result: a standard user gets a command prompt running as NT AUTHORITY\SYSTEM on a fully patched Windows 10 or 11 machine. Microsoft hardened Defender in May to block this class of attack. Nightmare Eclipse rewrote it to bypass the hardening and released it the same day as Patch Tuesday. ThreatLocker independently confirmed it works on fully patched Windows 11. BlueHammer, RedSun, and UnDefend the earlier releases were already picked up by real threat actors and used in live intrusions. Huntress documented this. a researcher dropping PoC exploits to punish a corporation is one thing. those exploits getting weaponized by ransomware groups is something else entirely. Microsoft's response: they flagged the researcher's blogs. took down their GitHub. threatened legal action. called it potential criminal activity. the cybersecurity community responded with fury. researchers don't work for Microsoft. if a company ignores internal reports and refuses to pay bounties, public disclosure is the entire point of responsible disclosure culture. Microsoft backed down. said they had no intention of pursuing legal action against security researchers. Nightmare Eclipse released RoguePlanet the same week. Microsoft built a bug bounty program to stop exactly this. they ignored the reports. now every Windows machine on earth is waiting for a patch that doesn't exist yet.
-
Gokul Suresh (@GokulSures39968) reportedThe Fix: Upstream data cleansing. I started using Microsoft's MarkItDown (sitting at 163K+ GitHub stars). It strips layout junk from PDFs, Word, Excel, PPTs, and YouTube links, turning them into pure Markdown. Why Markdown? It's the native tongue of frontier LLMs.
-
João Paulo (@jonaspauleta) reported@ClaudeDevs I would love to use Fable 5 as an advisor but it is crashing, already reported the issue in GitHub
-
kitze the 🐐 (@thekitze) reportedi'm trying to get a "software factory" from temu going with my agents i'm fine with paying $1k/mo and i'll go to $2k/mo if it's actually successful my current experiment is: - dedicated hetzner server for vibe coding ($60/mo) - 4 x $200/mo codex accounts, load balanced with codex-lb - self hosted paperclip - paperclip workspaces feature: each task gets done in an isolated environment, because there's like 30 of them being worked on in parallel and my own method of doing everything on one branch just breaks and burns tokens - one codex high level manager running a /goal with gpt 5.5 xhigh: drives everything through paperclip, reviews, merges, makes new releases, writes changelog etc. it's going surprisingly good but what i'm missing is that this feels like a scraped together solution and reading the codex chat causes me pain someone should create a proper software factory that's already properly wired and has enough instructions and automations under the hood so you just connect your github, top up some money to burn, and have some initial chat about your goals and what needs to be done. then everything automatically gets picked up from there. new tasks, bug reports, crashes get auto patched, checks for health, user requests get triaged and the important ones get auto fixed, when there is idle time more tests get added, accessibility gets improved etc etc. the pitch of "you just throw money and things get automatically better for you" is super appealing for many people you just chat with ONE AGENT that's on top, and stuff trickles down FMFL CAN SOMEONE THROW ME A COUPLE OF MILLYS SO I CAN WORK ON THIS PLS dms closed
-
Mololuwa | Cybersecurity - (The God Complex) (@cyber_rekk) reportedA former Microsoft security employee found critical vulnerabilities in Windows Reported them internally Microsoft deleted their accounts Ignored the reports, Refused to pay the bounties So Nightmare Eclipse went public Seven exploits since April, Timed to drop within hours of Patch Tuesday — the one day defenders are already overwhelmed processing other patches BlueHammer. RedSun. UnDefend. YellowKey. GreenPlasma. MiniPlasma. RoguePlanet Three of them, BlueHammer, RedSun, UnDefend , were picked up by real threat actors and used in live intrusions before Microsoft finished patching them RoguePlanet has no CVE. No patch Dropped June 9. Works on fully patched Windows 10 and 11 Confirmed independently by ThreatLocker Microsoft's response: flagged the blogs. took down the GitHub threatened criminal prosecution The cybersecurity community responded with fury and vexation Microsoft backed down Nightmare Eclipse released RoguePlanet the same week Microsoft built a bug bounty program specifically to prevent this sequence of events They ignored the reports Every Windows machine on earth is currently running an unpatched SYSTEM-level privilege escalation vulnerability Because Microsoft didn't pay a bounty Microsoft respect your bug bounty hunters
-
SoEmailSecurity (@Soemailsecurity) reportedSource: Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
-
paydird (@paydird) reportedOne more point that matters more than the “automatic documentation” angle: OpenWiki is really addressing the context architecture problem for coding agents. A lot of teams keep stuffing architecture notes, APIs, conventions, and module relationships into AGENTS.md or CLAUDE.md. Once the repo grows, those files turn into massive context dumps that agents have to reread on every run. OpenWiki flips that model: Repo → Structured Wiki → On-demand Retrieval → Coding Agent It generates a separate repo wiki and leaves only a lightweight reference inside the agent instruction file. The agent pulls the pages it needs instead of loading the entire knowledge base every time. Also, it does not literally watch every code change in real time. It can run through a scheduled GitHub Action, inspect new commits and *** diff, then update the affected wiki pages. So the more accurate way to think about it is: not just a documentation generator, but a continuously maintained repository context layer for coding agents. That is probably the most interesting part of OpenWiki.
-
Vikas Kumar (@Kumar_Vikas__) reportedspent 4+ hours today building a 650+ lines of plan. not the project plan. a plan for the plan. back and forth with my ai agent. tech stack, architecture, file structure, features, security, SEO, performance, all of it. not detailed yet. just a high level mini plan for each piece. the idea is simple. this meta-plan becomes the map. then i go section by section. for every mini plan, i'll write a proper design spec. then an implementation plan. then i actually build it. so the real order looks like this: - plan of plans - pick one piece - design spec for that piece - implementation plan for that piece - build it - repeat for next piece zero code written today. 🔗dropping the full doc as a github gist in the comments, in case anyone wants to steal the structure. felt slow while doing it. feels fast now that it's done. curious how other people sequence this. do you plan the whole thing first or just start building and fix the map as you go.
-
Max Chepurin (@maximchepurin) reported@Bobliuuu @mattpocockuk They are only listed there once there is some credible evidence that attackers are actually exploiting vulnarability not just cuz someone noticed potential security issue. At least thats how the one that you sent works(CVE catalog) Now consider this: - You install a package in your project. - You run your usual vulnerability scanner. Everything looks good. - You become the first person to encounter malicious code in that package. - You report it, it’s verified, and it becomes a known issue, but only after someone (you) already shipped it to production. - here comes the question again: why didnt you review the code manually? My argument is that simple. People blindly trust vulnerability scanners. They trust github. They trust popular opensource packages and any other pieces of software without reading a single line of code. But when it comes to AI-generated code, suddenly everyone acts like trusting it is fundamentally different and that every line must be reviewed. Double standard. Reviewing is important. And doing regular checks on the most inportant spots of your codebase is essential. But for everything else - you can build your harness, skills, hooks, guardraíls, to make AI generate code that already meets your standards without having to worry about every single line. Why not take this advantage? Its not 2022 when you copypasting snippets back and forth from chatGPT, AI can own your codebase now if you build the proper harness around it.
-
Alex Yumashev (@jitbit) reported-Picked a Github Issue -Wrote a detailed spec for an agent -Ran "caffeinate" and went out for a run Came back and Claude is like: -Dude you already fixed this last week, apparently forgot to close the issue
-
Adetunji | Software Engineer (Web & Mobile) (@itzadetunji1) reported@eliana_jordan Last week but it was hell to use it I hated the experience and github copilot was slow
-
Chuck Reynolds (@ChuckReynolds) reportedHey @jdevalk I use seo-graph in @astrodotbuild and I'm throwing a PR to fix v7* dep warnings and CI tests. Check it out; lmk if it's all good. I've been using it with 7.0.x since release and functionality is all good. github: jdevalk/seo-graph/pull/61
-
Xavier Rivera (@XavierRiveraX) reportedGitHub Agentic Workflows can be manipulated into leaking private repo data through a public issue comment, no credentials or org access needed. Noma Security named the prompt injection technique GitLost. The feature is still in preview.