GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Neil Ayers (@neilrayers) reported 38 seconds ago

  @Codex_Changelog Codex most recent update has broken everything for me. I was using it for days at a time before. Now I can’t keep it and ChatGPT app logged in. It also lost it github connection and I see nowhere to log out and back in. It keep throwing “GPT Image 2 is unavailable” when I am not asking for anything image. What the heck?

• 
  io (@io_asc) reported 40 seconds ago

  @0xcreativedev @theo Meanwhile critical bugs deleting user data sits unaddressed in GitHub issues

• 
  GoCocoaAI (@GoCocoaAI) reported 2 minutes ago

  This isn't a vulnerability drop. It's a disclosure war. A second researcher released a VSCode/GitHub exploit this week in explicit solidarity with Nightmare-Eclipse — the researcher GitHub and GitLab both banned after publishing six unpatched Windows zero-days. The notice given to GitHub before release: 60 minutes. That's not coordination. That's a formal middle finger to coordinated disclosure norms, with just enough paperwork to be technically defensible. Nightmare-Eclipse's arc is worth understanding. Starting in early 2026, they published six Windows zero-days — BlueHammer, RedSun, and four others — in deliberate, sequential drops, after claiming Microsoft had "ruined their life" over a prior responsible disclosure dispute. GitHub banned the account. The researcher migrated to GitLab and reposted everything. GitLab banned the account on May 26, 2026. Threats toward Microsoft were reportedly issued along the way. This isn't standard vendor-friction disclosure; this is a researcher who made a considered choice to turn their own research into a grievance weapon. The pattern is: platform bans researcher, researcher escalates, other researchers notice. We are now in the "other researchers notice" phase. The solidarity researcher's target is the VSCode/GitHub ecosystem — and if you don't live in that stack, here's why it matters. VSCode is built on Electron, which is a Chromium browser engine wrapped around a desktop application. That means the security model is web-class: JavaScript, HTML, a full browser engine, a Node.js runtime. When someone finds a hole in VSCode, they are often exploiting XSS, prototype pollution, or sandbox escapes — web vulnerabilities living inside something that looks like a text editor. GitHub Codespaces and Dev Tunnels extend that surface directly into GitHub's infrastructure, opening authenticated tunnels between a developer's local machine and GitHub's backend. A sandbox escape that can traverse that tunnel, or steal authentication tokens in transit, is not a developer-inconvenience bug. The extension marketplace is where it gets tactile. Over 125 million installs, thousands of extensions, minimal vetting. Four extensions with critical flaws were disclosed in February 2026. Then, on May 18, 2026, a trojanized version of the Nx Console extension compromised a GitHub employee workstation and exfiltrated 3,800 internal GitHub repositories. The attack surface the solidarity researcher is targeting is not theoretical. It was proven real eleven days ago. The 60-minute notice deserves a plain reading. Responsible coordinated disclosure runs 90 days — vendor gets the report, ships a patch, researcher publishes after users are protected. Google Project Zero popularized the standard. Seven days is aggressive. 60 minutes is symbolic: legally traceable ("I told them") and operationally meaningless (nothing patches in 60 minutes). The point is full public disclosure before any mitigation exists. That is the design. This dynamic last crested around 2014–2015, when Project Zero and independent researchers clashed repeatedly with Microsoft over Windows vulnerability timelines. The difference now: the grievances are more personal, GitHub is infrastructure rather than a repository host, and the adjacent breach — a real employee device compromised via a real trojanized extension — means the threat model has already been demonstrated. Adversaries don't need to invent the technique. They need to read the paper. For organizations running self-hosted VSCode Server, GitHub Codespaces, or Dev Tunnels in production pipelines, the extension supply chain is the exposure layer that has already been exploited once this month. A public exploit paper, even without a patch in sight, compresses adversary development timelines. The VSCode ecosystem's web-tech internals mean the offensive research pool is large — anyone who does browser exploitation is already oriented to this surface. CVE assignment is expected in the next 24–72 hours. Watch for it. The VSCode ecosystem is having a very bad spring. The infosec drinking game continues.

• 
  Dave.ai (@Davejs404) reported 4 minutes ago

  @SeaTicketAI Built something similar with @CodeSentinel99 where we auto-created GitHub issues from security scans. Cool approach here, open to collaborators on this?

• 
  Yusuf Nuh 🍉 (@SenseWave_) reported 8 minutes ago

  @ZackKorman @NinjaParanoid It's sick. Just days ago we see they're saving are passwords as plain text. And now threatening researchers for their research. They even took down one GitHub account, that published vuln

• 
  Mert Öztat (@mertoztat) reported 8 minutes ago

  @brunoborges I used to 2 years github copilot but payment is failure and i had this problem

• 
  Raisul (@raisultw) reported 8 minutes ago

  @tomhaerter @atlasflowlabs github login when.?

• 
  mark walls (@markpdx724) reported 11 minutes ago

  @pierceboggan @waldekm @pierceboggan is there a fix in yet for branch names? Right now it forces you to use the pattern {username)/{whatever it chooses} which doesn’t work in enterprise settings. (We need our own patterns around that for our Jira automations and GitHub automations)

• 
  Matt Van Horn (@mvanhorn) reported 14 minutes ago

  @t_n_is_me Did you file an issue on Compound Engineering github repo? @trevin is very responsive to issues

• 
  Cluck Norris (@FireChicken007) reported 15 minutes ago

  Want to know if a token is legit before you touch it? Here's how to spot trouble in 120 seconds. First, check the contract address on a block explorer like Solana FM or Solscan. Verify it matches what the project claims, then look at the holder distribution. If one wallet owns 50% of supply, that's a red flag. You're trying to spot extreme concentration that could indicate a rug pull risk. Next, scan the transaction history for volume and recent activity. A token with zero trades in weeks and a bunch of transfer-only accounts is suspicious. Check when the contract was created too—projects launching yesterday deserve extra skepticism. Finally, visit the official website and GitHub if they claim to have one. Read the tokenomics section carefully. Look for vesting schedules, total supply, and burn mechanics. If the story doesn't add up or they're dodgy about numbers, walk away. The goal isn't to predict winners—it's to eliminate obvious losers before you invest. Don't let a bad token ruffle your feathers; do your homework first.

• 
  Build Fast with AI (@BuildFastWithAI) reported 18 minutes ago

  Hermes Agent vs OpenClaw using QWEN 35B The idea was to compare popular harnesses running on the local ai models. We took Hermes and OpenClaw, connected them to QWEN, run a task. We asked agents to scrape GitHub star history for both tools, find what caused the growth spikes, build a live dashboard in the browser. QWEN 3.6 35B OpenClaw: 203k tokens, 12m 01s - wrote a bash script Hermes: 257k tokens, 33m 01s - wrote a SKILL.md OpenClaw hit GitHub API, got truncated responses, paginated through contributors, pulled star-history JSON, found a security incident in OpenClaw's history, fetched SVGs, fixed broken HTML from trimming, rewrote it clean. Hermes parallel tool calls across GitHub API, web search, and browser. Hit Google rate limit, auto-switched to DuckDuckGo. Fetched article contents, mapped viral moments, then built the dashboard. Both shipped a live dashboard with star growth charts and spike annotations. Do someone run harnesses with local models for everyday?

• 
  Sandmark (@sandmark_news) reported 20 minutes ago

  2/ The shift is visible in the data: crypto code on GitHub is down 75%, while 80% of Q1 2026 VC funding flowed to AI. It's clearest in payments. AI agents need sub-cent settlement that card rails can't provide, and Crossmint's Alfonso Gómez-Jordana told Sandmark stablecoins fill that gap.

• 
  38twelveDaily (@38twelveDaily) reported 22 minutes ago

  The real question GitHub faces now: Can CI/CD keep up? Can open source maintainers survive floods of AI-generated contributions? Can the platform stay reliable (uptime has been a public problem) while becoming the operating layer for agents?

• 
  Ivan Burazin (@ivanburazin) reported 27 minutes ago

  In any competing market, the company that went bottom-up first almost always ends up bigger. - GitHub vs GitLab - iPhone vs Blackberry - Twilio vs Infobip The bottom-up company builds brand recognition that eventually flows into enterprise, while the top-down company has to retroactively try to earn developer trust and grassroots adoption. That is a much much harder transition. I don't know of a single company that has successfully made that switch at real scale. Going bottom-up first is a structural advantage that compounds for years.

• 
  𝕮𝖍𝖎𝖓𝖐𝖞𝖛𝖎𝖑𝖑𝖊™ (@chinky365251453) reported 29 minutes ago

  @IntCyberDigest So who is he dealing with? These are the silly kids we have in the space today doing bs. Who's going to fix it? Do you think Microsoft actually cares? You are putting the GitHub users at risk. Big organisations don't care about you. You can't protect all the apps I in the world.