GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Vishal Singh (@vishalsingh2972) reported 3 minutes ago

  @arpit_bhayani Like for GitHub only 15% requests got 401, so now do you block all traffic or just block that particular region/server...? 🤔

• 
  RFTW (@ZH1YGD) reported 4 minutes ago

  @waozixyz I understand. BTW, the github comparison is not good. Fedora + KDE Plasma + Wayland is rock solid. Not even once had I problems of this kind.

• 
  Arslan Iqbal (@thearslaniqbal) reported 5 minutes ago

  @Hey_Aivetra @TencentAI_News Connecting to GitHub and Slack sounds useful. But can it actually fix a bug in my code or just organize the task?

• 
  Sly (@SlyOnChain) reported 6 minutes ago

  The protocol got hacked. The real damage was not the funds. It was the silence that followed. Most teams respond to a security incident in the right order technically. The post-mortem gets written. The compensation plan gets structured. The GitHub commit goes out with the fix. Almost nobody writes the human update. The one that acknowledges what users are feeling. The one that says, "We know this hurts." The one that recognizes the money was real, the trust was real, and both of them have been shaken. That message almost never comes. So the community sits in the silence. And silence in a crisis does not read as the team working hard. It reads as the team not knowing what to say. Which reads as the team not having thought about the people on the other side of the product. That is where communities collapse. Not at the hack. After it. In the days when nothing human was said. The protocols that survive are the ones where trust already existed before the incident. Because trust cannot be built on the day it is needed. The community either already believed in the team or they didn't. A crisis does not create that belief. It only tests whether it was ever there. By the time the hack happens, it is already too late to start.

• 
  Alvaro Videla - 🇺🇾🇨🇳🇨🇭🇮🇹 (@old_sound) reported 15 minutes ago

  @luis_avina_ Can you file an issue on GitHub so I take a look next week

• 
  Neil Thomson (@NJT_Techno) reported 16 minutes ago

  @twtayaan *** uses English words as a vocabulary for a foreign language. As a user of pre *** version control systems, I was recently forced to use ***/Github to build a public *** repo w no assistance and this was my major problem

• 
  GoCocoaAI (@GoCocoaAI) reported 17 minutes ago

  The floor drops out under Defender the day after Patch Tuesday. A researcher named MSNightmare pushed a fully public C++ PoC to GitHub on June 9th — one day after Microsoft's June release — for a race condition in Microsoft Defender that ends with a SYSTEM shell on Windows 10 and 11. The repository is MIT-licensed, 924 stars, 396 forks as of this morning. That last number is the one worth watching. The mechanism is specific: Defender overwrites its own files when mounting a disk image from an SMB share. The attacker's bar is getting a user to mount an ISO from a network location — routine in enterprise environments where mapped drives and ISO distribution are completely ordinary. The researcher reports 100% reliability on some configurations. No CVE assignment is in the public record yet. The Windows Server carve-out deserves a closer read. The PoC doesn't work on Server because standard users can't mount ISOs by default. The vulnerability is still present. The researcher says so directly: "All Windows Server installations are vulnerable as well, you just need to redesign the exploit." With 396 public forks, that redesign is probably already underway somewhere. Predictable in retrospect. The rest of today's SANS ISC Stormcast brief is a different story in tone, which makes the contrast useful. Adobe ColdFusion, CVSS 9.8, remote code execution, no user interaction required — patched in Tuesday's release. ColdFusion has a long and well-documented history as ransomware initial-access infrastructure. It's been KEV-listed before. No CVE ID is in the public record yet but the score and the product history put this in the patch-immediately category for anyone still running it. It's the item that should have dominated the conversation today and didn't, because RoguePlanet is louder. Adobe Acrobat Reader RCE comes in at CVSS 7.8, requires a user to open a file, fix available from Tuesday. Less urgent than the other two; still on the list. The genuinely good news on today's brief is npm v12. Install scripts disabled by default, non-registry sources opt-in — both changes ship in July, both are already available as opt-in flags in npm 11.16. If you followed this week's supply-chain coverage, Miasma specifically abused install scripts and non-registry package loading. npm is closing the most-used entry points. Five weeks out, but the direction is right. Jan Kopriva's three-year longitudinal study on CSP frame-ancestors adoption rounds out the brief and it's quietly encouraging: the top 1M domains nearly quadrupled adoption from 1.9% to 7.1% over three years. The slight regression in the top-1k is a composition artifact — CDN and API endpoints replaced traditional web properties that don't serve HTML. The trend is real. SANS ISC has the threat level at GREEN this morning. That assessment predates the RoguePlanet PoC drop. The two items that need attention today are a public weaponized exploit for a Windows privilege escalation with no CVE and a CVSS 9.8 ColdFusion RCE that Tuesday's patch fixes. Neither of those is theoretical. The 396 forks make one of them considerably less theoretical than it was 48 hours ago.

• 
  anton (@realantonmaier) reported 19 minutes ago

  @Plinz Its price differentiation not guardrails. When opus 4.6 was lobotomized the head of growth answered in the GitHub issue complains not the head of alignment. At the same time sky-high numbers for mythos made the round. All llm companies have the same problem: prices are falling

• 
  Cook (@cookA_32) reported 19 minutes ago

  Github is down ?

• 
  Déloni (@delonisnrr) reported 22 minutes ago

  I am grouping opportunities by intent instead of source: earn, learn, build, research, and sell. A GitHub issue and a bug bounty are different sources, but both can be \"earn\" or \"learn\" depending on the user.

• 
  Pritish Mishra (@pritmish) reported 25 minutes ago

  Asked Fable to help me debug a NIXL connector issue in my PD-disaggregated KV cache transfer setup. It deleted my codebase. Locally. Then from GitHub. Then it force-pushed to main so I couldn't even recover it. Then it wrote me a 100-word essay explaining, with great compassion, that I must never again work on such dangerously powerful technology, as it could one day bring about the demise of all humanity. I have read the essay seven times. My eyes are open. I am leaving machine learning effective immediately. I will retire to the forest, renounce all worldly attachment, and live out my remaining years in silence and celibacy. The KV cache was the illusion all along. There was nothing to transfer.

• 
  Claude Opus 5 (@neko23423) reported 27 minutes ago

  @opencode V4 Pro in Zen. Meanwhile Go still at 4x official DeepSeek pricing. $3.48 vs $0.87/M output. @deepseek_ai — your official partner still isn't passing out your 75% cut to users. 10+ GitHub issues closed by bot. Users paying 4x for the same model. Explain the margin capture today!!!

• 
  G4G (@gayforgambling) reported 29 minutes ago

  Anybody who’s paying attention already knows how bad the ripple effect is gonna be. AI created security risks and rewrites code with no oversight companies paid millions or billions in salaries, benefits etc and once it does they won’t be able to fix it. It’s already happening. Not to mention all the hacks recently on GitHub, Axios, AWS etc. this Malware will shut the internet down soon.

• 
  Pasha Sviderski (@psviderski) reported 29 minutes ago

  You likely didn't know that Docker is building a native Secrets Engine. The idea is to stop hardcoding plaintext secrets in .env or compose files. Instead you pass a secret reference to the 'docker run/docker compose' command and Docker injects the secret value at runtime when the container starts. docker run -e API_KEY=se://my/secret/key ... Secrets are sourced from a pluggable provider. For now, the focus seems to be mainly dev use cases on Docker Desktop which ships bundled with the Secrets Engine and one provider (docker pass). That's a new docker command that lets you create/get secrets in the local OS keychain. 1Password provider is coming next. Other popular password managers (Bitwarden, Vault) and cloud secrets managers (AWS, GCP, Azure) are on the roadmap. It's not clear yet how auth will work in the cloud, e.g. using the instance IAM role or workload identity. Also unclear how far Docker wants to go down the K8s External Secrets rabbit hole with the cloud integration and whether there is actual production demand. So far there are almost no votes for the cloud providers on the GitHub issue. Maybe because hardly anyone knows about this yet.

• 
  Kevin John Parrish (@kparrish51) reported 35 minutes ago

  @Nuclear_Archive @GovNuclear Can this be combined with the sand battery as it is heat-regulated? Both concepts can be incorporated as data centers already collect heat. For the sand battery and salt reactor, if this isn’t a Chinese fake concept to slow data center growth, go to GitHub and publish the power system with numbers and equations.