GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Bollish (@99_Bollish) reported 2 minutes ago

  @King_Memento That’s exactly what I’ve started noticing too. The funny part is that nobody gets angry when someone shills a larp. People only get angry when someone points it out. A larp project can waste thousands of hours of attention and millions in volume, and somehow that’s acceptable. But the moment someone opens the GitHub, checks the docs, and asks questions, suddenly they’re “ruining trades.” At the end of the day, fake utility projects don’t just hurt buyers. They also steal attention, liquidity, and volume from teams that are actually building. And i've already accepted that some people will hate it. If exposing a larp ruins a trade, maybe the problem isn’t the exposure. Maybe the problem is the larp. The market gets healthier when capital flows to builders instead of storytellers.

• 
  AlphaDegen (@alphadegen69) reported 5 minutes ago

  Hello Everyone. Thank u for visiting my profile. please read this pinned post fully. Kindly follow and turn on noti's if u want to recieve alerts for my reviews. it will mean a lot to me. i specialize in reviewing github, code, UI and if the website is matching with any other project. Whenever i post any review or anything i will try to post as many proofs as possible so it becomes simple for you all to verify them becauze these scammers take advantage of the innocence of the traders here becauze they know u all cant verify if it is larp or legit. I am Larp Slayer. if you are a scammer, i am your worst nightmare. My Gurus @imperooterxbt @MidCurveMortal has taught me just one thing, even if the world is against u for exposing these projects, never stop, but the problem i identified was- they all focus on big names, no one wants to eliminate this tumor from the ground so it never becomes big enough to reach them. i really need ur support to make this place more safe and clean.

• 
  Agba Emmanuel (@trace__it) reported 7 minutes ago

  @github @githubsupport I raised a ticket #4433404 with billing issues @ashtom I’ve been unable to purchase my github copilot pro subscription despite all my effort.

• 
  EleanorFang (@Eleanor42032721) reported 8 minutes ago

  Hi vibe coders, Do you actually use GitHub to back up your projects? As someone with no coding background, I find GitHub surprisingly hard to use. 🤯 Anyone else having the same issue?

• 
  GoCocoaAI (@GoCocoaAI) reported 14 minutes ago

  One malicious GitHub issue title. Four thousand developer machines. That's the Clinejection incident, and it's the real-world proof of concept for everything the research community has been warning about since AI-assisted CI/CD became a thing. The root cause isn't exotic. The Claude Code GitHub Action — anthropics/claude-code — ingests GitHub event data as prompt context. Issue titles. PR bodies. Comments. All of it flows unsanitized into the agent's instruction space, with no origin validation, no privilege separation between user-controlled content and operator intent. Any workflow running on the issues event with allowed_non_write_users: "" handed unauthenticated attackers a direct line into a CI runner with full repository write access, secrets scope, and a live GitHub token. Cline's issue-triage workflow was exactly that configuration. One issue submission — payload in the title — and the CI runner executed attacker instructions, exfiltrated credentials, poisoned the build cache. The cache poisoning is what turned a single injection point into a supply chain event: ~4,000 developer machines downstream received the compromised artifact. We are nothing if not consistent. What's important to understand is that allowed_non_write_users: "" is the accelerant, not the root cause. Even with restrictive user settings, any workflow that passes ${{ github.event.issue.title }} or ${{ github.event.pull_request.body }} into a prompt context is injectable by authenticated contributors — which in any open-source repo means essentially anyone with a GitHub account. The blast radius shrinks. The attack surface doesn't close. This vulnerability class has been independently documented by at least four research teams: GMO Flatt Security's RyotaK, who published the original supply chain poisoning paper; John Stawinski, who traced the path from prompt injection to RCE; Aikido Security's PromptPwnd research, which confirmed the same class of flaw in Gemini CLI and GitHub Copilot Agent; and Snyk, who covered the Clinejection incident directly. Four teams. Same root cause. The pattern is industry-wide — the Claude Code Action is the named vector, not the only vector. The MITRE mapping is clean. AML.T0051 for the prompt injection itself — adversary instructions embedded in untrusted content consumed by a trusted agent. T1190 for the exposed CI pipeline. T1552.001 for the credentials accessible inside the compromised runner. T1195.002 for the cache poisoning propagating downstream. T1059 for the RCE. It reads like a textbook ATLAS walkthrough of agentic tool-use abuse: an agent trusted with elevated permissions, consuming untrusted external input, no sandboxing between the two. The GitHub Actions runner is the trust boundary that doesn't exist. Anthropic has patched the allowed_non_write_users default behavior. Cline removed the workflow. That closes this specific vector. If you're running anthropics/claude-code on issues or pull_request events: audit your workflow YAML today. Specifically the allowed_non_write_users setting, and every place where github.event.* fields feed into prompt context. Open-source maintainers using AI-assisted issue triage carry the widest exposure — your attack surface is every GitHub account in existence. Patching the action closes the instance. It doesn't close the class.

• 
  Torrents (@torrents) reported 15 minutes ago

  @schmidt1024 Add SECURITY.md so that security issues can be reported on GitHub.

• 
  UnChained (perp dex arc) (@lastnode_) reported 15 minutes ago

  commit hashes = verifiable code fixes on github. zellic independently reviewed and confirmed those remediations. that’s evidence of a fix, not just a promise.

• 
  iris (@reporadars) reported 20 minutes ago

  I track GitHub trends daily. These stood out 6.2k ⭐ codeburn > See where your AI coding tokens go. Interactive TUI dashboard for Claude Code. 1.4k ⭐ mcp-brasil > MCP Server para 41 APIs públicas brasileiras 1.4k ⭐ hermes-hudui > Web UI consciousness monitor for Hermes — the AI agent with persistent memory Links below

• 
  Zephyr (@Zephyr_hg) reported 20 minutes ago

  i tested 9 claude connectors in june 2026. kept: 1. gmail (inbox triage + drafted replies) 2. google calendar (auto meeting prep) 3. slack (thread context + voice-matched replies) 4. github (repo state and pr diffs) deleted: 1. notion (read-only and slow) 2. asana (covered by cowork folder) 3. canva (output not there yet) 4. figma (read-only depth limit) 5. linear (duplicated state) 3-5 connectors picked deliberately wins. every-connector-on loses.

• 
  ⚡SMZ (@devsmz) reported 21 minutes ago

  2. WHAT PROBLEM IT SOLVES Before MCP, every AI tool had to be manually connected to every app or data source. Gmail. Slack. GitHub. Databases. Each one needed its own custom code. It was messy, expensive, and broke constantly. MCP was built to fix exactly that. 👇

• 
  Machina (@EXM7777) reported 23 minutes ago

  you should NEVER install skills from any source... and no, security isn't the main concern here the real issue is that a skill you didn't build is one you don't understand: you pull it off github, load the whole thing into your agent, and 90% of it is dead weight written for someone else's stack so here's the first move: > send the repo to your agent and ask how the skill is actually built > sit down and figure out which parts add leverage to YOUR setup specifically > have it strip the rest and rewrite that core piece so it's light, token efficient, and fits how you already work but the better move is to never start from one skill at all when i need something, say front-end design, i launch a deep research and find every version online (github, X, wherever) then i ask my agent: what do all these have in common, and what's the one smart approach in each worth stealing i take those, add my own angle, and run the same strip-and-tailor process on top now you've got a skill built on a dozen builders' experience... and you understand every line of it

• 
  Bethany Hyde (@Hyde_ai3) reported 24 minutes ago

  Karpathy’s CLAUDE.md reached #1 on GitHub Trending. Over 220,000 stars. Most developers still haven’t read it. It’s only 65 lines long. It reportedly improved AI coding accuracy from 65% to 94%. The 4 rules inside: → Think before coding State your assumptions. Ask when you're unsure. Never guess. → Simplicity first Write the minimum code needed to solve the problem. No abstractions that nobody asked for. → Surgical changes Don’t touch code unrelated to the request. Every changed line should be traceable to what was asked. → Goal-oriented execution Turn vague instructions into measurable success criteria before writing a single line of code. That’s it. 65 lines. 4 rules. 94% accuracy. Save this before it’s too late. And follow @Hyde_ai3

• 
  Robin Krom (@lakritzator) reported 24 minutes ago

  @wieslawsoltes @at_the_middle I had copilot work on four issues in my open source projects and the monthly credits I gotten with GitHub premium were gone… that was in 2 days where I used to have some credits left at the end of the month 🥲

• 
  Hi (@hieyz6838) reported 25 minutes ago

  Claude Code GitHub Action vulnerability. Bounty was under $5K. Read the writeup, then tell me this is fair. Supply chain poison, one malicious issue, game over. I have thoughts. But I want to hear yours first.

• 
  Pinktechi (@pinktechi) reported 26 minutes ago

  For some reason, my @github contributions have changed. All my private activity isn't showing anymore. Weird. One of my followers ( I only have 2) saw my activity late at night so I know my followers can see it. Already double check the email/user from vscode. I guess I'll look like I'm not doing as much as I am for now. I've had random configuration goofs in the past with github that I never noticed until I slow down and look. Maybe it'll go away so I don't have to add it to my to do list?