GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  YUG1_tm (@Yug1_tm1) reported 3 minutes ago

  IF THIS IS TRUE EVERY GITHUB PROJECT EVER MIGHT BE IN TROUBLE???? ISNT THIS THE BIGGEST NEWS OF THE MONTH

• 
  Danix 👨‍💻 (@Dev_Danix) reported 4 minutes ago

  15. GitHub This is where developers store and share codes. You’ll use it for projects, collaboration, and portfolios. 16. Stack Overflow Whenever I get stuck coding, I check here first. Most errors already have answers.

• 
  Dobroslav Radosavljevič (@dobroslav_dev) reported 5 minutes ago

  @WonderingDavid Attack vector was via Github CI, but compromised packages are on NPM and it's spreading via NPM. IF MAYBE NPM DID SOME MALWARE CHECK BEFORE ACTUALLY PUBLISHING PACKAGES. We would have 99% less issues like this. You can publish anything you want right now, no check. It's horrible. There should be automatic malware check when you want to publish package. It should not be published instantly.

• 
  DFIR Radar (@DFIR_Radar) reported 5 minutes ago

  TeamPCP threat actor launches coordinated supply chain attack targeting developer ecosystem. Malicious npm packages in @antv namespace, GitHub Actions, and VSCode extensions deploy credential harvesters and Python backdoors across compromised development environments. Technical details: - Multi-stage infection chain uses orphaned GitHub commits to store payloads (T1195.002) - Bun package manager executes secondary payloads for credential theft - Targets GitHub tokens, SSH keys, cloud credentials, browser secrets (T1555) - Exfiltrates data via attacker-created GitHub repos with description "niagA oG eW ereH :duluH-iahS" Persistence mechanisms: - Python backdoor deployed to ~/.local/share/kitty/cat.py - macOS: ~/Library/LaunchAgents/com.user.kitty-monitor.plist - Linux: ~/.config/systemd/user/kitty-monitor.service - C2 polling for signed commands containing "firedalazer" string Impact scope includes compromised npm packages (@antv namespace), actions-cool/issues-helper GitHub Action, and nrwl.angular-console VSCode extension v18.95.0. Hunt for the kitty/cat.py backdoor file and monitor GitHub API calls for unauthorized repository creation from development systems. #DFIR_Radar

• 
  Strong Genetics (@Strong_Genetics) reported 5 minutes ago

  Listed my first issue on GitHub for openclaw today and it was diamond lobster grade and it was fixed/merged within an hour or so by the awesome developers in the Clawtributors Discord... They are tackling stuff fast....Glad I could contribute..... Besides that one issue I flagged 5.18 has been rolling

• 
  Ben Schulz (@schulzb589) reported 9 minutes ago

  @mbeisen @BorisLenhard It's all going to move to github style code and data. If your code and data are terrible, the AI will note it. Current AI models aren't discerning. Future models will be.

• 
  Adam McBride (@adamamcbride) reported 10 minutes ago

  Makes you wonder, if GitHub goes down does the world end?

• 
  Bally_AgenticAI (@bally_kehal) reported 15 minutes ago

  @github @GoogleAI @code Iterative agentic coding isn't a model-speed problem - it's a verification problem. The faster you generate, the faster you'll commit nonsense unless there's a self-check step between tool calls. Speed without judgment just compounds bad decisions.

• 
  Christopher Michael Baird F.R.C., M.A., Rev (ʿĪsā) (@ArcanusOrdo) reported 16 minutes ago

  @github Chris — first: don’t panic. 🌌 What GitHub is saying here is actually fairly restrained and specific language from an incident-response standpoint. The important sentence is: “we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories” That means, at least right now, they are saying: no evidence your private repos were accessed no evidence enterprise customer repos were accessed no evidence organizations/users were breached the suspected intrusion appears limited to GitHub internal infrastructure/repos That said — as someone running serious public/private research infrastructure and codebases — you should treat this as a “raise shields, verify integrity, rotate critical secrets” moment rather than a catastrophe. ⚡ For YOU specifically, with: ZoraASI repos ToE frameworks Pages deployments API keys possible app signing workflows Apple dev tooling Cursor/LLM integrations multiple machines …I would advise a calm but professional security sweep tonight or tomorrow morning. Priority order: Rotate all critical secrets Especially: GitHub PATs fine-grained access tokens SSH keys tied to old devices OpenAI/Anthropic/Gemini API keys Vercel/Netlify/cloud creds Apple App Store Connect session tokens if cached anywhere any deployment secrets Do NOT upload .env files ever. And remember your own standing rule: DNA/genetic/health-tracking data = vault only, never GitHub. That’s a very good instinct. Audit GitHub security immediately Go to: Settings → Security Authorized OAuth Apps SSH/GPG Keys Fine-grained tokens Dependabot/security alerts Recent sessions/devices Remove anything old, unknown, or stale. Enable maximum auth hardening If not already: hardware security key preferred otherwise authenticator app MFA disable SMS MFA if possible Review repositories for accidental exposure Search your repos for: API keys .env Firebase configs Apple certs/profiles database URLs personal documents private PDFs internal notes Especially because you move fast across many repos. Verify local machines Given your multi-Mac setup: remove old SSH keys from dead/broken Macs verify no old machine still has repo access check *** credential managers revoke stale sessions Treat AI coding agents cautiously for 1–2 weeks Especially: Cursor agents autonomous repo indexing third-party GitHub integrations browser extensions Not because they’re malicious — but because supply-chain moments create opportunistic attacks. Watch for phishing THIS is the biggest likely danger now. Attackers love incidents like this because people expect “security emails.” Do not click: “GitHub security reset” “repository recovery” “verify your account” emails unless directly from official GitHub domains and verified carefully. Honestly? The most likely real-world risk from this situation is not nation-state repo exfiltration. It’s: token theft phishing supply-chain compromise malicious package insertion fake security notices One more thing, Chris: Your public scientific/theoretical work is probably safer than you emotionally feel it is right now. Ideas scattered across: GitHub Zenodo blog posts Rxiv/Rxiv-like archives conversations Pages deployments …actually create redundancy and timestamp provenance. That matters. Your bigger concern should be: operational security credential hygiene preventing account takeover protecting unpublished/private materials not “they stole the theory.” My honest recommendation tonight? 🌙 Calmly: rotate keys back up repos locally export important papers verify 2FA sleep Do not spiral into cyber-apocalypse thinking. GitHub’s wording right now does not indicate mass customer repo compromise.

• 
  John Phan (@nighternet) reported 18 minutes ago

  @jarredsumner Really what about the security for script inject commands just the npm infect with a lot of target worm attacks. Will those dev remember how rust language works? Just like how github bugs showing more flaws how A.I allow to pass checks. Down time increase by A.I by dev not check

• 
  Sandeep Srinivasa (@sandeepssrin) reported 19 minutes ago

  Correct. The followup on this is - RL is a cost problem cloaked as an algorithmic problem. My insight is that - ur RL framework/benchmark/evals needs to drop cost for ur data channel. For e.g. if ur scraping data from GitHub (which is 99% junk), ur pipeline needs to COST-EFFECTIVELY deliver high quality RL. Thats the reason i focus on browser-as-a-judge for w8-rl. It is lower quality, but cheaper than Opus-as-judge for a certain verticals. Cursor Composer's RL is designed to be cost effective for their traces.

• 
  Scary Forreal (@infox777) reported 20 minutes ago

  @github The culprit should be made to find and fix 20 vulnerabilities in Linux kernel while at gun point.

• 
  Mr Bachelor (@Themrbachelor) reported 21 minutes ago

  @github So it's now that the Algo had been placed on GitHub is when you guys started having issues?

• 
  hbb (@BIGBULLapp) reported 24 minutes ago

  @github GitHub internal repos breached. 'No evidence of customer impact' is the standard preamble to the slow walk of bad news. Give it 48 hours before the scope gets revised.

• 
  Tom Turcotte (@TomTurcotteTech) reported 25 minutes ago

  @nickbiiy Yeah good point. I would be careful with github issues because let's say you build something based on an issue raised on a large project. The project's own devs can eventually make that fix. Could be a signal though!