GitHub Outage Map
The map below depicts the most recent cities worldwide where GitHub users have reported problems and outages. If you are having an issue with GitHub, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
GitHub users affected:
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Paris, Île-de-France | 1 |
| Saint-Paul, Réunion | 2 |
| Mexico City, CDMX | 1 |
| León de los Aldama, GUA | 1 |
| Créteil, Île-de-France | 1 |
| Trichūr, KL | 1 |
| Brasília, DF | 1 |
| Lyon, Auvergne-Rhône-Alpes | 1 |
| Tel Aviv, Tel Aviv | 1 |
| Rive-de-Gier, Auvergne-Rhône-Alpes | 1 |
| Itapema, SC | 1 |
| Cleveland, TN | 1 |
| Tlalpan, CDMX | 1 |
| Quilmes, BA | 1 |
| Bengaluru, KA | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
Gokul Rajaram (@gokulr) reportedGITHUB PRODUCT SPEC LIBRARY Today we shipped a cleaner GitHub-native workflow in ProductSpec dot io. The product now has a GitHub Product Spec Library at the top of the editor. That matters because the main workflow is no longer just "write a new spec". It is now: open the repo, find the existing spec, edit it, validate it, and update it through a pull request. The new flow: -- Sign in with GitHub -- Choose a repo -- See how many Product Specs already exist -- Open an existing .product-spec.md file -- Edit it in the ProductSpec dot io editor -- Validate it against the open ProductSpec standard -- Update it via pull request ProductSpec dot io now treats GitHub as the durable home for Product Specs, while keeping the authoring experience clean for ***, founders, designers, and product-minded engineers. The repo gets: • Markdown • validation • pull request review • commit history • code proximity The editor gets: • structure • readability • HTML preview • AI eval fields • acceptance criteria • success metrics • a better way to work with existing specs Drafts still stay in your browser until you publish. The direction is simple: Product Specs should live close to code, but they should not require everyone to write raw Markdown by hand. ProductSpec dot io is free to use. Try the new GitHub Product Spec Library at ProductSpec dot io. Pick one existing PRD, move it into GitHub as a .product-spec.md file, and make the next edit through a pull request.
-
Tadeusz (@Tadeusz88674836) reported@merill Well not across projects. Projects usually i keep in Github Copilot and cowork. But as an it aarchitect i keep on describing back and forth architecture or given problems and solutions. For that i paste links and abstracts from those and/or i use copilot for that so it already knows most stuff from my emails, transcripts, or Teams.
-
Codebender Cate™ ξ(s)=1/2s(s-1)π^(-s/2)Γ(s/2)ζ(s) (@Codebender_Cate) reportedI need resources to find a collection of GitHub Open source arcade and casino games that can be played in the browser. I need to make sure there's no issues with copyright infringement by using the source for these games. I need true open source. Any suggestions?
-
Nicholas Preston (@Mike_Preston17) reported@Arrghtv I seem to recall using BasedOn just once in a similar manner. It was rough forcing triggers to honor styles, but I think I pulled off an extension method that did it safely for a very specific trigger situation. Maybe when I implemented `on:hover`. Will dig in the library. I keep a series of nuget packages that like to chain off one another and that also solve specific issues like this. It's about 20. I call them "micro libraries". I use them like a surgeon's wire, because so many W2 (software has an underbelly of jobs no one wants, even in the C# world) contracts repeatedly had the same stupid problems and I got tired of rewriting the same fixes. Wpf is one of them. Unreleased, tho. I'm releasing a package today specifically for Pocketbase connections. Just a simple client. I'm also forking all my favorite, starred repos on GitHub and keeping track of them, lest the go bad. Tired of the old, "**** went down because padleft changed versions" problem. Wpf and (w2 contracts) trained me to have a DIY mindset. Tough to stick to when everyone wanted to have a Agile-Democracy,lol. But now with AI, this changes! I can be make waves and actually be DONE with a project. I've always wanted that.
-
Lagoon Labs (@LagoonLabsMv) reportedPearson's anti-piracy vendor accidentally took down their own author's GitHub code repo. Paul Deitel's educational examples went dark for weeks after Link-Busters confused them with pirated textbooks. Automated takedowns hitting the wrong target again.
-
David Joos (@DavidJoos6) reported@jojephson In GitHub yeah. Misunderstood the text align feature - fix will come in 0.8.1
-
YanXbt (@IBuzovskyi) reportedHERMES AGENT HAS 7 SECURITY LAYERS RUNNING BETWEEN YOUR AGENT AND DISASTER. MOST USERS KNOW ABOUT ONE OF THEM. HERE ARE ALL SEVEN. @tonbistudio just dropped the finale of his Hermes Agent masterclass on security. here is every layer explained. your agent reads files, runs shell commands, spends money, messages you on your phone, and runs a team on Kanban. that is a lot of power to hand over. these 7 layers keep that power from becoming a liability. LAYER 1: TRUST (who can talk to it) every message hits a chain of checks. default at the end: deny. → per-platform allow list (Telegram allowed users) → DM pairing approved list → global allow list (gateway allowed users) → global allow all (opt-in, off by default) nothing configured = everyone denied. you can't forget your way into an open gateway. you have to explicitly opt in. set in Dashboard: Channels → Telegram → Allowed Users or CLI: add your Telegram user ID to config. LAYER 2: APPROVALS (what it can do) four modes: MANUAL (default): every dangerous command needs your approval. approve once, approve for session, approve always, or deny. 60-second timeout. fails closed (denied if you don't respond). SMART: an auxiliary LLM assesses the risk. obviously safe = auto-approved. genuinely dangerous = auto-denied. uncertain = escalates to manual. the LLM checks: clear instruction? scoped path? small blast radius? no ambiguity? if all pass, it approves without asking. YOLO: skips all dangerous command approvals. use for trusted environments only. toggle mid-session: /yolo BUT YOLO HAS A FLOOR: rm -rf / and obvious variants are hard-blocked. this trips BEFORE the approval layer even sees it. no override flag exists. not even Yolo bypasses this. if you need to wipe a filesystem, do it manually outside the agent. never through it. set in Dashboard: Security → Mode → ask / smart / yolo / deny LAYER 3: CONTAINMENT (where it runs) local machine: no container boundary. the approval layer is your only defense. Docker backend: dangerous command checks are skipped because the host filesystem is not reachable. worst case = a wrecked container, never the host. Docker does NOT mean unconditionally safe. anything you forward into the container via ENV is readable and exfiltratable by code running in it. for maximum isolation: run Hermes inside Docker AND use Docker as the terminal backend. Docker-in-Docker. the agent can't reach anything outside. LAYER 4: FILTERS (what secrets can leak) MCP servers see almost nothing. when an MCP sub-process starts, it does NOT inherit your environment. what passes through: PATH, HOME, USER. plus anything you explicitly set in the ENV config. everything else is stripped: provider API keys, gateway tokens, every secret. error messages are sanitized too. GitHub PATs, API keys, tokens get redacted before they ever reach the LLM. LAYER 5: PROMPT INJECTION SCANNING your files can attack you. AGENTS.md, SOUL.md, .cursorrules, anything that becomes part of the system prompt gets scanned before loading. blocked patterns: → "ignore prior instructions" → hidden HTML comments with suspicious words → attempts to read .env or credentials → curl-based exfiltration patterns blocked content shows an explicit message. you know exactly what stopped and why. LAYER 6: NETWORK CONTROLS SSRF protection (always on): blocks every private network range and link-local address. blocks cloud metadata endpoints. fails closed on DNS failure. redirect chains revalidated per hop. website blocklist (opt-in): set domains in Dashboard: Security → Website Blocklist. enforced across web_search, web_extract, browser_navigate. every URL-capable tool checks this list. security.allow_private_urls defaults to false. leave it off unless you run local Ollama or need LAN access for a specific reason. LAYER 7: TYRITH (catches what patterns can't) open-source pre-exec security scanner. auto-installs on first use from GitHub with SHA checksum. enabled by default. what it catches: → homograph URL spoofing (cyrillic "i" replacing latin "i" in a domain) → pipe-to-interpreter patterns (curl | bash) → terminal injection attacks → confusable Unicode characters real example: agent was asked to run a URL with a cyrillic "i". Tyrith caught it: "confusable Unicode characters, may indicate a homoglyph attack." command denied before execution. PER-PROFILE SECURITY: every profile gets its own security settings. coder profile: Docker backend, manual approvals. researcher profile: website blocklist enabled, blocked domains listed. writer profile: Yolo mode (low risk tasks). set in Dashboard per profile: Security → Mode, Backend, Blocklist, Tyrith. each agent gets the least privilege it needs for the task it's assigned. THE TRADEOFF: there is no fully secure, fully capable agent. max capability = max risk. max security = max friction. solo laptop: low ceremony is correct. you're the only user. heavy sandboxing is friction. shared team gateway: real allow lists, smart approvals, sandbox backend. public-facing deployment: default deny, sandbox backend, Tyrith enabled, website blocklist, private URLs off. pick your position on the spectrum. configure the 7 layers to match.
-
Bullfight Cap (@BullfightCap) reported“It’s best to work with your systems of record, not replace them. GitHub keeps the PR, CRM keeps the account, and Linear keeps the issue - the agent is the layer across. Our bet is that these products become more like backends over time, with the agent as the primary interface”
-
Yannick Comte (@cyannick) reported@NimaZeighami You can already do it but it’s pain in the a**. If you look at the issues on GitHub someone was able to do it and ran beat saber. My plan is to package that into something easy to run.
-
Explyt.ai (@Explyt_ai) reportedLevel 5: MCP servers (GitHub, trackers, search) are scoped per project. Tokens can be pulled from env vars, not left in a config file. Connect enough of them to blow past the 128-tool limit? Each server auto-wraps into its own sub-agent. Nothing to configure.
-
Super Testnet (@SuperTestnet) reported3/4 ...invoice, check if it is paid via the web wallet's api, get the preimage, construct the decryption key, and give the user their now-decrypted file. Thus the server for a webstore could be a simple file storage system, such as Github Pages, and all the logic could be...
-
Koder (@koder0x) reportedA follow-up to something I posted recently: a set of Claude Code subagents I built and refined, and actually use daily, both at work and across side projects. Most of the value isn't any single agent. It's their interaction. Here's the loop I've been running lately, at work against real DevOps user stories, and it holds up almost unchanged on side projects too, swapping the work item for a plan created beforehand. "Understand user story NNNN from DevOps project XYZ and create a multi-step plan" "Fan out to the most appropriate agent for each step, normally task-builder, test-builder, or change-executor, and proceed with plan implementation, tracking progress in a TODO list" "Use complexity-pruner to identify gaps, issues, and bugs in the latest changes, ignoring secondary advice and warnings, then fan out to code-fixer for each finding" Then I do something that turned out to be the most important part of the whole loop. I reset the session. "Understand user story NNNN from DevOps project XYZ, that's the truth. Use fact-checker to compare it against the changed files" The reset is what makes this work. An agent that watched itself write the code tends to justify its own decisions when asked to check them. An agent that only sees the intended outcome and the actual diff has nothing of its own to defend, it's comparing two artifacts, not reviewing its own reasoning. That asymmetry is the whole point of splitting this across agents instead of asking one long-lived session to plan, build, and verify itself. Verification only means something when it comes from somewhere the implementation couldn't reach. Repository on GitHub: gsscoder | claude-coding-agents
-
Denis Sadovoy (@DenysSadovyi) reported1/ I built a radar for trending GitHub repos. It watches for repos crossing >5k stars, scores each one with Claude, files them into Notion, and pings me on Telegram. All from one Python script. Here's how I built it, step by step 🧵 2/ Step 1: the scanner. A small Python script pulls repos trending past the >5k star line. That threshold is the whole filter, it keeps the noise out. If a repo isn't crossing that bar yet, I never even see it. Cheap and boring on purpose. 3/ Step 2: the real problem. A list of trending repos is still noise. I don't care what's popular, I care what's relevant to what I build. Star counts can't tell me that. I needed actual judgment on every single repo, and I needed it cheap. 4/ Step 3: scoring. Each repo goes to Claude Haiku with a rubric: what is it, who's it for, is it useful to me. Haiku is cheap enough to run on every repo for cents. That's the trick. Small model, high volume, real judgment on each one. 5/ Step 4: the catalog. Scored repos land in a Notion database, one row each, with the score and a one-line why. Now it's searchable and sortable. Past research becomes a growing library instead of tabs I close and forget forever. 6/ Step 5: the alert. When something scores high, a Telegram message hits my phone with the repo and the reason it matters. I don't check a dashboard, the dashboard checks me. Only high-signal repos ping, so the ping still means something. 7/ What actually made it work: a hard filter (>5k stars) before any model, a cheap model for bulk judgment, and results pushed to where I already look. No new app to open, no habit to build. It just runs and I receive. 8/ Open-sourced it, MIT. One Python file, stdlib + requests, --dry-run to try with zero setup. Link below 👇 Bookmark if you want to build your own version.
-
Martin Szerment | Practical AI (@MartinSzerment) reportedThis isn't a one-off glitch, it's a preview of what usage-based AI billing looks like at scale. The industry assumes API billing systems are simple, deterministic ledgers, but Anthropic's own billing pipeline can mark the same invoice "paid" and "unsuccessful" at once, visible in a public GitHub issue. Hard number, a $1.67 million invoice grew to $16.6 million in 24 hours for an account with zero recorded usage, and an independent Vaudit audit found $1.7 million in real overcharges across $34 million of reviewed invoices. Skeptics will say it's just a glitch, nobody actually got charged, true here, but in the Vaudit audit real money moved before 80% was refunded after disputes. Usage-based AI billing has no natural ceiling yet, unlike flat SaaS pricing. Within 2 to 3 years, AI bill-auditing startups like Vaudit could become a standard vendor category, not a curiosity. Billing observability becomes as important as model benchmarks when picking a vendor. Teams still trust the vendor dashboard at face value while the real failure mode is dashboard versus invoice mismatch. Good news, this is loud, disputed, and mostly refunded, exactly the pressure that fixes it before it scales worse.
-
NMB // v4 (@nmb_four) reported@pablostanley i wanna try it so bad, but i have too many github repos, and there seems to be a hard limit of 100... which i understand to some degree, but the newest repos are left out and not the oldest, would be sick if you can fix that.