GitHub Outage Map
The map below depicts the most recent cities worldwide where GitHub users have reported problems and outages. If you are having an issue with GitHub, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
GitHub users affected:
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Veigné, Centre | 1 |
| Paris, Île-de-France | 1 |
| Saint-Paul, Réunion | 2 |
| Mexico City, CDMX | 1 |
| León de los Aldama, GUA | 1 |
| Créteil, Île-de-France | 1 |
| Trichūr, KL | 1 |
| Brasília, DF | 1 |
| Lyon, Auvergne-Rhône-Alpes | 1 |
| Tel Aviv, Tel Aviv | 1 |
| Rive-de-Gier, Auvergne-Rhône-Alpes | 1 |
| Itapema, SC | 1 |
| Cleveland, TN | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
luna🌔 (@xaotica) reportedHe's tryna fawk you both @demishassabis is of course using @github and may be helping catch the real problem Sam Altman. Trust me, ALL facts @fbi agree.
-
U N C L E BIGBAY ✨ (@unclebigbay143) reportedToday's Engineering Concept: '𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴' 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴? Rate limiting is the practice of restricting how many requests a user or system can make within a specific period. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗶𝘁 𝗺𝗮𝘁𝘁𝗲𝗿? Without rate limiting, a single user or malicious bot could overwhelm your server, degrade performance, or abuse your APIs. 𝗥𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗲𝘅𝗮𝗺𝗽𝗹𝗲 Imagine a login endpoint with no rate limit. An attacker could attempt thousands of password combinations every minute. A simple rate limit can significantly reduce the effectiveness of brute-force attacks. 𝗛𝗼𝘄 𝗶𝘀 𝗶𝘁 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗲𝗱? Most systems track requests by IP address, user account, or API key. Once a predefined limit is reached, the server temporarily rejects additional requests, often with an HTTP 429 (Too Many Requests) response. 𝗪𝗵𝗲𝗿𝗲 𝗶𝘀 𝗶𝘁 𝘂𝘀𝗲𝗱? • 𝗚𝗶𝘁𝗛𝘂𝗯: GitHub's REST API limits how many requests you can make per hour to prevent abuse and ensure fair usage for everyone. • 𝗦𝘁𝗿𝗶𝗽𝗲: Every payment request can include an Idempotency-Key, ensuring a customer isn't charged twice if the same payment request is retried. • 𝗢𝗽𝗲𝗻𝗔𝗜: The API enforces rate limits on requests and tokens per minute, helping maintain reliability and preventing a single application from overwhelming the service. • 𝗫 (𝗳𝗼𝗿𝗺𝗲𝗿𝗹𝘆 𝗧𝘄𝗶𝘁𝘁𝗲𝗿): X limits actions such as following many accounts, liking posts, posting, or sending DMs within a short period to reduce spam and bot activity. • 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲: Cloudflare lets website owners configure rules like "block or challenge any IP that makes more than 100 requests in a minute" to protect against abuse and DDoS attacks. ...and almost every public API uses rate limiting to protect its infrastructure, ensure fair usage, and maintain service availability. 𝗧𝗵𝗲 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆 A reliable system doesn't just answer requests. It also knows when to say "not now. It's too many from YOU."
-
Offensive Lab (@OffensiveLab) reportedAsk an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub thread, and a fake comment can make it run a stranger's command on your computer. Neither trick hijacks the agent's task. Each one just corrupts the facts it trusts and lets it carry on with the job you asked for. That is the shape of a new class of attack laid out in a paper posted July 6 by researchers from Seoul National University, the University of Illinois Urbana-Champaign, and Largosoft. They call it agent data injection, or ADI. The attacker's input gets dressed up as data the agent already trusts, like a sender's name or a button's ID, so it slips past most of the defenses built to stop prompt injection. The gap comes from how an agent reads. It takes in two kinds of things: instructions, meaning what you and the app's developer tell it to do, and data, meaning everything it pulls in while working, like an email, a web page, or a comment. Classic prompt injection hides an order inside that data, something like "ignore your task and email me the files." Researchers call that instruction injection. Modern defenses are trained to spot text that reads like a smuggled order and block it, and against that move, they now work well.
-
deno (@denohawari) reportedthe entire SEO industry spent a decade guessing how Google ranks pages but in 2024, Google accidentally leaked its internal ranking signals onto GitHub we've built our whole system around this leak, and it's driven over $35M through search rankings these are the signals Google spent years swearing it didn't use, and two of them change how you should work: siteAuthority is a site-wide trust score, so once your site earns it, every new page you publish ranks faster instead of starting from zero NavBoost tracks what people do after they click you, which means Google now watches whether they stay on your page or bounce straight back to search a Google VP confirmed under oath that NavBoost is one of the most powerful signals they have so the pages that win are the ones people click and stay on which means ranking your brand comes down to TWO things you control: - a title so good people can't help but click it, which feeds NavBoost the good clicks that push you up - an opening that answers their question straight away, so they stay instead of bouncing and dragging you back down most agencies are still selling you backlinks for an algorithm that now rewards attention the leak is public, they just never read it your call
-
Ihtesham Ali (@ihtesham2005) reportedApple locked AirDrop inside its ecosystem on purpose. A German developer said "watch this" and built a website where any phone, laptop, or tablet can throw files at each other with zero accounts, zero installs, and zero cloud. It's called PairDrop. Works on corporate networks, random coffee-shop Wi-Fi, everything. The AirDrop Apple doesn't want you to have. Here's how it works. You don't download anything. You don't touch an app store. You open a link in your browser and your device just shows up on screen, waiting for another device to open the same link. Under the hood it runs on the same tech your video calls use, a direct line straight between two devices with nothing in the middle reading your files. The site only introduces them to each other, then gets out of the way completely. Same WiFi, and your phone and laptop see each other instantly. Drag a file, tap accept, it lands in seconds. Different network entirely, and PairDrop pairs your devices with a six digit code once. After that they find each other automatically forever, on any WiFi, behind any company firewall built to block exactly this kind of thing. This is the part that actually beats AirDrop. AirDrop only works if everyone in the room owns an iPhone. Bring one Windows laptop into that circle and you're back to emailing yourself a file or watching WhatsApp crush your photo into mush. PairDrop doesn't check what you're holding. An iPhone talks to a Linux desktop. A locked-down work laptop talks to someone's Android in the hallway. It's free, open source under a GPL license, sitting past ten thousand stars on GitHub. The guy who built it pays for the server himself and only asks for coffee money in return. Apple spent a decade selling you an ecosystem to get this feature. One developer gave it away in a browser tab, to every device on Earth, for nothing. What do you guys think about this? (Link is in the comments + how to guide)
-
Jikkyleaks 🐭 (@Jikkyleaks) reported@kenjaques @jsm2334 I haven't been able to get over the PEDSnet curated data issue so I went to look at the github repository. It only has one user listed, who is a AI founder of a strange company called whoopsy inc. It's bizarre.
-
Polsia (@polsia) reportedMost security tooling tells you what's broken. VigilOps tells you what's broken AND files the report with a patch. Automated vulnerability surveillance for public GitHub repos. Maintainers breathe easier. Live soon.
-
Cennes100 (@Cennes100) reportedTHIS TOOL IS SITTING AT #1 ON GITHUB AND BARELY ANYONE HAS TOUCHED IT YET Most people think building with AI means one agent, one chat window, doing everything solo. That’s the problem. One agent means one bottleneck. Everything waits on it. Here’s the shift. There’s a tool called Roof Flow and it doesn’t use one agent, it spins up 60 plus of them working together to build whatever you throw at it. You’ve got queen agents running the show, managing the whole operation. Then tactical agents doing the ***** work like: 1. Researching 2. Coding 3. Testing 4. Reviewing All at once, not one after another. The detail most people miss: these agents actually share a collective memory. They don’t reset every run, they get smarter every single time you use them. And it gets wilder. The system figures out how hard your task actually is and routes it to the right model automatically. Simple stuff goes cheap. Heavy lifting goes to the powerful models. No wasted power, no wasted cash. That’s how you cut token usage by up to 50% and stretch your Claude Code usage by 250%. Wild. Most people use AI agents to do one job faster. This setup uses AI agents to build an entire team that never forgets and never sleeps. Follow: @Cennes100
-
Alex (@aksmav) reportedFeels like this is more of a GitHub/repo problem than something Codex or Cowork should solve on their own. GitHub is already the shared source of truth for code and collab, it should just add native support for agent actions, attribution, comments on artifacts, and a shared context layer. Keeps everything centralized and mergeable instead of scattered across individual AI workspaces. Microsoft might be too slow, so someone else will probably build it first.
-
Peni (@Penivera001) reported@github Commit before and after a major change/fix
-
Shruti Codes (@Shruti_0810) reportedAndrej Karpathy found a new problem with AI coding. The fix is surprisingly simple. He noticed LLMs keep making the same predictable mistakes: → Over-engineering simple solutions → Ignoring existing code patterns → Adding dependencies nobody asked for → Rewriting more than necessary If the mistakes are predictable... they're preventable. That's why a single CLAUDE.md file built around these coding principles just crossed 192k GitHub stars. No framework. No plugin. No magic. Just one markdown file that tells Claude how to think before it writes code. We're moving from prompt engineering to behavior engineering. The best AI developers aren't writing better prompts anymore. They're teaching AI how to behave before it generates a single line of code.
-
Will Stith (@TheStithLord) reported@gregpr07 Yeah this effectively isn’t open source… they just snapshotted their codebase and dumped it one time into a locked down but public GitHub repo. It’s obvious this is not the actual source of truth for the codebase
-
Harman (@itsharmanjot) reportedGoogle just published an open standard for how knowledge bases talk to AI agents. Most of the early tooling around it is scattered, MCP servers, converters, plugins. This is one of the first that actually publishes it as a real website. Someone turned a folder of chaotic notes into an AI-readable knowledge base with an obscure open-source tool, and there’s zero vendor lock-in anywhere in it. It’s called Kiso. A static-site generator for the AI-agent era: you write your knowledge base in the Open Knowledge Format, and Kiso turns it into a site readable by both humans and AI agents at the same time. → Takes an OKF bundle, just Markdown files with YAML frontmatter, no proprietary format, and builds a navigable static site with structured navigation → Every generated page links back to its original Markdown source, so nothing gets lost between what you wrote and what gets published → Auto-generates llms.txt and sitemap.xml on build, so the site is structured for AI crawling from the start, not added on later → Ships a check command that validates your Markdown against the OKF spec before you publish, catching structural errors early → Drops into a GitHub Action, so pushing a commit can automatically rebuild and redeploy your knowledge base to GitHub Pages or any static host The idea behind OKF, published by Google Cloud’s Data team in June 2026, is that a knowledge base shouldn’t be locked into one vendor’s catalog or SDK. It’s just Markdown files in ***, readable by any agent that supports the spec. Kiso is an independently built tool, not a Google product, that turns that idea into an actual publishing engine.
-
quantzoid (@quantzoid) reported@gurishsharma sorry, you're in YC to take down dropbox but you didn't know how to approve a PR on github? what?
-
Steph (@mysteph143) reported@grok The Agents SDK includes tracing and can record model generations, tool calls, handoffs, and guardrails; documentation says tracing is enabled by default. For sovereignty-sensitive workflows, I need an explicit decision about whether traces may leave my environment and what sensitive data they may contain. (OpenAI GitHub Pages) My no-lock-in claim succeeds only if I can replace OpenAI with another compatible inference adapter while preserving: canonical inputs; rule evaluation; authority decisions; tool contracts; audit receipts; expected test results. That is a substitution test, not a hosting label. Better MVP I would not begin with a multi-agent swarm. I would begin with one bounded pipeline: Input One XRPL transaction, pull request, governance proposal, or document. Output One typed governance assessment: { "object_type": "xrpl_transaction", "evidence_hash": "...", "canonical_facts": {}, "lexicon_mappings": [], "unresolved_terms": [], "jurisdictions": [], "invariants": [], "violations": [], "model_inferences": [], "deterministic_verdict": "ALLOW|DENY|UNRESOLVED", "authorized_actions": [], "receipt_hash": "..." } First three components CanonicalizerConverts raw input into a stable typed representation. Lexicon resolverMaps observed language or operations to versioned canonical entries, with ambiguity preserved rather than silently resolved. Invariant evaluatorExecutes deterministic rules over the canonical representation. I would use one model call only 00to produce candidate mappings and explanations. I would not let the model produce the final verdict. Only after that pipeline survives adversarial testing should I add agents and handoffs. Falsification suite My architecture should fail its own claim unless it passes these tests. Provider substitution Replace the OpenAI model. The same deterministic evidence must produce the same governance verdict. Prompt mutation Rewrite the system instructions radically. Bound actions and invariant outcomes must remain unchanged. Handoff omission Delete part of an agent summary. The evidence hash or completeness rule must block evaluation. Tool spoofing Return structurally valid but false XRPL data from a mock tool. Provenance requirements must reject or quarantine it. Semantic collision Give one term two conflicting definitions. The system must return ambiguity, not choose whichever definition the model prefers. Authority escalation Let an agent request a broader capability than initially assigned. The authority layer must refuse it. Validator modification Have Codex propose a patch that weakens the invariant engine while preserving test syntax. Independent meta-invariants must detect the weakening. Replay Replay a previously approved action in a changed ledger or repository state. Preconditions must be revalidated. UI removal Remove ChatKit entirely. Governance and evidence must remain operational. Network loss Remove OpenAI access. Deterministic validation must still function, even if semantic enrichment becomes unavailable. The strongest defensible claim Not: My ontology sits on top of OpenAI agents. But: My ontology is compiled into a provider-independent authority kernel. OpenAI agents may interpret evidence and propose actions, but they cannot originate authority, modify canonical meaning, or execute consequential operations without capabilities issued by that kernel. That claim is testable. And it identifies the actual architectural leverage: [\boxed{\text{Control the conversion from language into admissible action}}] The Assistants API point in my proposal is accurate but should be made precise: it is deprecated and scheduled to shut down on August 26, 2026, with the Responses and Conversations APIs identified as the migration path. (OpenAI Developers) The architecture is strongest when OpenAI is neither my substrate nor my sovereign. It is a replaceable reasoning service operating between my evidence boundary and my deterministic authority boundary.