1. Home
  3. Companies
  5. GitHub
GitHub

GitHub status: access issues and outage reports

Problems detected

Users are reporting problems related to: website down, errors and sign in.

Full Outage Map

GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

May 20: Problems at GitHub

GitHub is having issues since 03:40 AM EST. Are you also affected? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

  • 62% Website Down (62%)
  • 21% Errors (21%)
  • 18% Sign in (18%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

CityProblem TypeReport Time
Tlalpan Sign in 5 days ago
Quilmes Website Down 5 days ago
Bengaluru Website Down 7 days ago
Yokohama Sign in 8 days ago
Gustavo Adolfo Madero Website Down 12 days ago
Nice Website Down 13 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

  • Morzignis_Zero
    ManM-z15-MoM-z14 (@Morzignis_Zero) reported

    @github I literally gave you the solution to fix this and you retards are still crying

  • Westy_Dev
    Westy💾 (@Westy_Dev) reported

    Okay, so NPM is breached, Github is breached, Railway is down completely. Yeah, this is ******. These are core services to the internet.

  • Satoshi_Talks
    Satoshi Talks (@Satoshi_Talks) reported

    🚨 BREAKING: GitHub has confirmed a breach of its internal repositories The attacker compromised an employee device through a poisoned Visual Studio Code extension. From that single endpoint, they pivoted into internal GitHub repos, dumped secrets, and walked out with what they claim is around 4,000 private repositories of source code and internal organization data. The threat actor, TeamPCP, listed everything for sale on the Breached forum yesterday with a floor of 50,000 dollars. Their stated terms are blunt. One buyer, no negotiation, and if no one pays the entire dataset gets leaked for free. GitHub says it removed the malicious extension version, isolated the device, rotated critical secrets, and activated incident response. The company maintains there is currently no evidence of impact to customer repositories, enterprises, or organizations stored outside its own internal infrastructure. The attack vector is the part worth sitting with. This was not a flaw in GitHub the platform. It was a poisoned extension in the VS Code marketplace, executed on a developer laptop, used to reach everything that laptop could reach. The same week, two popular GitHub Actions workflows (actions-cool/issues-helper and actions-cool/maintain-one-comment) were compromised through tag manipulation to exfiltrate CI/CD credentials, and a critical RCE vulnerability in GitHub itself, CVE-2026-3854, was patched after researchers showed it could be triggered with a single *** push. Three separate incidents, one consistent message. The platform is hardened. The supply chain around it is the soft target. For anyone building on GitHub right now, the immediate checklist is simple. Audit installed VS Code extensions. Pin GitHub Actions to commit SHAs rather than tags. Rotate any tokens, deploy keys, or secrets that could have touched a compromised environment in the last two weeks.

  • EagleEyesCrypto
    🦅 (@EagleEyesCrypto) reported

    if you believe agents will install and run code on their own, you need a package layer that isn’t built for human devs. @Nipmod is exactly that. npm for agents, sitting on top of gitlawb (the github for agents). verified packages, DID-signed ownership, MCP server live. real product, not a deck. 28 verified packages, 388 claimable drafts, working CLI + MCP server for codex / claude code / opencode. gitlawb = github for agents nipmod = npm for agents

  • PingStruggles
    Max (@PingStruggles) reported

    @JinjingLiang @github The new meta is to be down.

  • __roycohen
    Roy (@__roycohen) reported

    It's the year 2027. You wake up, Github got hacked for real this time. All credentials got swiped. No problem, you self host now. Checked your Gmail, only 5 phishing emails in the inbox, no big deal. Check the GCP bill, sigh of relief as it's only $50k, not 500k

  • BlockzillaTech
    blockzilla (@BlockzillaTech) reported

    attack vector was simple: employee installed a malicious extension. once inside, they pulled internal source and org files. Github says customer repos weren’t touched (but how many have been done on the same exploit), but that’s not the real issue. the real issue is whatever secrets, keys, and tokens were sitting in those internal repos, im sure its rough day in the trenches rotating everything...

  • Sewattube
    Rodger Dodger (@Sewattube) reported

    @OrdinaryGamers If I was in charge of GitHub I would be updating my résumé. Constant stream of problems.

  • LGrapenthin
    Leon Grapenthin (@LGrapenthin) reported

    @github You are absolutely right. That code path DID grant unauthorized users access to internal repositories, and I should have let you know in advance. Here is how to fix it in three easy steps right now (works in 2026):

  • DottChen
    Dott (@DottChen) reported

    @github @ClaudeDevs give these poor guys in GitHub access to Mythos so they can fix it

  • jahmohne
    jahmohn (@jahmohne) reported

    @github And VS Code can **** off - shut down the ai, extensions and do it like unix based jedis did and shut off the ******* extensions ********. And fk the telemetry @Microsoft ********. Put you fks in check. christ. and it it nigh b.

  • _mateic
    matei (@_mateic) reported

    @zo0r @Railway @neondatabase Their cloud provider (GCP) blocked their account and then dragged their feet on incident response. Hardly the same category of issue that would warrant this public shaming. Are you not equally upset with Github, Cloudflare, AWS, and GCP? Or have you not been roasted there yet?

  • codingwithburak
    burak 🇹🇷🐧💻 (@codingwithburak) reported

    @chalish_b something is off this night💀 - railway had an outage over gcp - meta broke whatsapp - and github just dropped this bomb...

  • loftwah
    Loftwah (@loftwah) reported

    @SlayerofApples @Yetee_ GitHub is a lot more than just a *** server though.

  • Ivanv1
    IvanV1 (@Ivanv1) reported

    Here is why this is a huge problem: • Internal IP & secrets exposed: 3,800 internal repos likely contain proprietary code, architecture, tools, and (possibly unrotated) credentials that attackers can weaponize against GitHub or its customers. • Supply-chain risk: GitHub is infrastructure for millions of developers. Compromised internals can lead to backdoors in future features, Copilot, Actions, or enterprise tools. • Trust erosion: A major platform got breached via a simple trojanized VS Code extension — it signals weak internal controls and raises doubts about their security posture.

  • Zero2HeroZombie
    Fabio (@Zero2HeroZombie) reported

    GitHub was compromised via a poisoned VS Code extension on an employee device. Internal repositories were exfiltrated: attacker’s claim of ~3,800 repos is consistent with their investigation so far. Cybersecurity is a huge issue. This is why I am tracking $ICP on a daily basis. It offers a higher standard of security.

  • bekamakhar
    Beka Makharoblishvili (@bekamakhar) reported

    GitHub just got hit through a poisoned VS Code extension. Not surprising. Developers trust their workflow tools more than anything else. That’s the real attack surface. I’m building Branchpost, which asks you to connect your repo. This is exactly why most devs won’t click that button. Not because the product is bad. Because the trust isn’t there yet. So the real problem isn’t “AI blog generation”. It’s proving: – I can’t break your repo – I don’t touch your code – you stay in control That’s the bar now.

  • KMCrypton
    KM 🔶 Crypton (@KMCrypton) reported

    @github Please fix quickly

  • JoelAbenhaim
    Joel Abenhaim (@JoelAbenhaim) reported

    @hackbard @github GitHub is safe. They got hacked and they will fix this security hole. They got bad press though, they will lose custumers.

  • luminxbt
    Lumin (@luminxbt) reported

    A backend engineer replaced his entire GitHub workflow with GPT-5.5 and now he commits production code by voice while making coffee. He used to spend 22 to 34 minutes per feature just on boilerplate. He wrestled with merge conflicts. He wrote commit messages that said "fix stuff" because documentation felt like punishment after 6 hours of debugging. His monthly GitHub activity sat at 140 commits with 31% flagged for lacking context during team review. He built Jarvis on GPT-5.5 and wired it directly into his local repository through GitHub API. What his team sees in the commit log now is not rushed one-liners or missing docstrings or half-finished test coverage. It is production-grade code with full context annotations generated in 47 seconds without him touching the keyboard. Here is what runs during that sub-minute pipeline: → Engineer says "Jarvis commit user authentication refactor" while pouring his second espresso → GPT-5.5 scans the working directory at /Users/dev/project-delta and identifies 8 modified files → Agent cross-references changes against 340 previous commits to understand project evolution → Writes descriptive commit message with bullet points explaining what changed and why → Generates inline code comments for 14 functions that had zero documentation → Runs automated test suite and flags 2 edge cases the engineer missed during manual review → Pushes commit to feature branch with PR template pre-filled including breaking changes section → Posts summary to team Slack channel with diff preview and estimated review time Every commit follows team standards. Every docstring uses consistent formatting. Every PR includes context that makes code review 4x faster. The person running this setup writes 19 commits per day compared to his previous 6. He closes 83% of his PRs on first review because the agent catches what he used to miss at 11 PM when his brain stopped working. He did not hire a technical writer. He did not attend documentation workshops. He did not install commit message linters or force himself to care about standards when shipping urgent fixes. The agent intercepts every *** command and ensures quality without blocking flow. I have seen 52 junior developers get performance improvement plans because their commit history looked like random save points in a video game. I have seen 37 senior engineers spend 11 hours per week just cleaning up *** history and rewriting commit messages before quarterly reviews. Now the entire version control layer runs on 1 voice command and produces commit logs that pass audit requirements without human intervention. The question nobody is addressing in engineering Slack channels: if GPT-5.5 can manage *** workflow this well, what happens to the 340,000 developers currently employed just to maintain codebases? Because 11 months ago this same model could not diff code accurately or understand project context across branches. Now it is writing commit messages with historical awareness and documentation quality that exceeds what most humans produce under deadline pressure. The bootcamp graduates who just pushed their portfolio projects with "initial commit" and "updated files" messages are not starring this repository and I understand why.

  • Syntax_Serrano
    Eli Serrano (@Syntax_Serrano) reported

    Github got hacked and Railway is down, **** this I'm building hardtech next

  • 0xDEADBEEFCAFE
    Ricardo B�nffy - (@0xDEADBEEFCAFE) reported

    @sethwbarton @github I’ve used Gitlab a lot over my career. It works well enough. But the compromise was achieved via a poisoned VSCode extension, and I guess this will make our work laptops to be further locked down. Mine is already unreasonably limited. I expect hosted VScode to reduce surface.

  • yayriri
    yeri (@yayriri) reported

    Day 3 of finding AI agents buried in GitHub and giving them a face. First target: ai-hedge-fund by @virattt 58K+ stars. 19 AI investors - Buffett, Burry, Cathie Wood, Munger - all analyzing the same stock and debating buy/sell/hold. [📷 1] The repo [📷 2] Me breaking it down in OpenClaw [📷 3] The face I built -- localhost GUI Built two versions of this one. V1: full local install. Clone, API keys, localhost. Real financial data V2: opens in Claude. No install. Web search powered

  • quote_direct
    direct_quote (@quote_direct) reported

    @anshuc @github slow clap...

  • ChilliDoor
    David Jennings (@ChilliDoor) reported

    I just remembered that MS owns GitHub and by extension NPM, so basically all of these issues ultimately stem from MS incompetence.

  • SyedUmairCodes
    Syed Umair Ali (@SyedUmairCodes) reported

    @2600Hz_ @github I got this email as well, I don't use github with my MSlop account but got a login otp.

  • esatoshiclub
    Satoshi Club (@esatoshiclub) reported

    🚨 BREAKING: GitHub has confirmed a breach of its internal repositories. The attacker compromised an employee device through a poisoned Visual Studio Code extension. From that single endpoint, they pivoted into internal GitHub repos, dumped secrets, and walked out with what they claim is around 4,000 private repositories of source code and internal organization data. The threat actor, TeamPCP, listed everything for sale on the Breached forum yesterday with a floor of 50,000 dollars. Their stated terms are blunt. One buyer, no negotiation, and if no one pays the entire dataset gets leaked for free. GitHub says it removed the malicious extension version, isolated the device, rotated critical secrets, and activated incident response. The company maintains there is currently no evidence of impact to customer repositories, enterprises, or organizations stored outside its own internal infrastructure. The attack vector is the part worth sitting with. This was not a flaw in GitHub the platform. It was a poisoned extension in the VS Code marketplace, executed on a developer laptop, used to reach everything that laptop could reach. The same week, two popular GitHub Actions workflows (actions-cool/issues-helper and actions-cool/maintain-one-comment) were compromised through tag manipulation to exfiltrate CI/CD credentials, and a critical RCE vulnerability in GitHub itself, CVE-2026-3854, was patched after researchers showed it could be triggered with a single *** push. Three separate incidents, one consistent message. The platform is hardened. The supply chain around it is the soft target. For anyone building on GitHub right now, the immediate checklist is simple. Audit installed VS Code extensions. Pin GitHub Actions to commit SHAs rather than tags. Rotate any tokens, deploy keys, or secrets that could have touched a compromised environment in the last two weeks.

  • LetemburnED
    Letemburn (@LetemburnED) reported

    @Grummz @PotionDweller yea because they TOTALLY have better security than github 🙄 everything can be hacked, a private server is even more vulnerable than this little "breach"

  • Mappl3s
    Marcus (@Mappl3s) reported

    @Polymarket GitHub keeps having issues

  • ooogiboogie
    0xStuff (@ooogiboogie) reported

    GitHub got hacked on their internal stuff and now Railway is completely down lmao my whole deploy is dead, been sitting here refreshing status pages all night like a idiot this some clown world sabotage or what? fix your **** already man Obama do something!!!