Back

GitHub Faces Critical Challenges Amid Outages and Leadership Issues

Severity: High (Score: 65.2)

Sources: Cryptobriefing, Theverge, www.theinformation.com

Published: 2026-05-21 · Updated: 2026-05-21

Keywords: github, microsoft, survival, developers, platform, struggles, amid

Severity indicators: pla, outage

Summary

GitHub, owned by Microsoft, is experiencing severe operational challenges, including a significant increase in outages and security vulnerabilities. In the first half of 2025, the platform recorded 109 incidents, a 58% rise from the previous year, leading to over 330 hours of downtime. Notably, a major outage in February 2026 disrupted critical features like GitHub Actions and Copilot. A recent security incident involved the compromise of internal code repositories due to a poisoned VS Code extension. The leadership turmoil following the resignation of CEO Thomas Dohmke has exacerbated internal dysfunction, with many employees leaving for competitors. This instability threatens major projects that rely on GitHub, particularly in the cryptocurrency sector, where development velocity is crucial. GitHub's struggles have raised concerns among developers about its reliability as a code hosting platform. Key Points: • GitHub recorded a 58% increase in outages in the first half of 2025, totaling over 330 hours of downtime. • A major outage in February 2026 affected critical features like GitHub Actions and Copilot. • Leadership instability following CEO Thomas Dohmke's resignation has led to a talent drain and internal dysfunction.

Detailed Analysis

**Impact** GitHub’s outages and security incidents have affected thousands of developers globally, including major blockchain projects like Uniswap and Compound, which rely on the platform for code hosting. In the first half of 2025, GitHub recorded 109 incidents, a 58% increase year-over-year, resulting in over 330 hours of downtime. These disruptions have delayed protocol upgrades, security patches, and feature launches, increasing attack surfaces for DeFi projects managing billions in total value locked. The operational impact extends across multiple sectors, notably open-source software and blockchain development communities worldwide. **Technical Details** A critical security incident involved the compromise of GitHub’s internal code repositories through a “poisoned” VS Code extension installed on an employee’s device, representing a supply chain attack vector. Additionally, a remote code execution vulnerability was disclosed, though specific CVEs were not detailed. The outages have affected core services such as GitHub Actions, pull requests, notifications, and Copilot features, indicating disruptions at multiple stages of the software development lifecycle. No explicit IOCs or malware names were provided in the sources. **Recommended Response** Organizations should monitor GitHub service status closely and prepare contingency plans for critical development workflows, including considering alternative platforms like GitLab or self-hosted solutions. Developers must audit and restrict VS Code extensions, especially those installed on devices with access to sensitive repositories. Security teams should track disclosures related to GitHub’s remote code execution vulnerabilities and apply patches promptly once available. Continuous monitoring for unusual repository activity and employee endpoint security hygiene should be prioritized.

Source articles (3)

  • GitHub struggles for survival amid outages and leadership turmoil, and crypto developers ... — Cryptobriefing · 2026-05-21
    The platform that hosts code for Uniswap, Compound, and thousands of blockchain projects recorded 109 incidents in the first half of 2025, a 58% increase year-over-year. GitHub, the platform where the…
  • Microsoft Executives Sound Alarm Githubs Eroding Ai Lead — www.theinformation.com · 2026-05-21
  • GitHub faces a fight for its survival at Microsoft — Theverge · 2026-05-21
    When Microsoft announced it was acquiring GitHub in a $7.5 billion deal in 2018, developers were nervous . Some were concerned Microsoft controlling GitHub, and others were taking a wait-and-see appro…

Timeline

  • 2025-01-05 — 109 incidents recorded in first half of 2025: GitHub experienced a 58% increase in outages compared to the previous year, totaling over 330 hours of downtime.
  • 2026-02-09 — Major outage disrupts GitHub services: A significant outage knocked out GitHub Actions, pull requests, notifications, and Copilot features.
  • 2026-04-01 — Performance degradation incident: GitHub reported a separate incident that caused performance degradation, taking down code entirely.
  • 2026-05-21 — Leadership turmoil following CEO resignation: Former CEO Thomas Dohmke's resignation has led to ongoing talent drain and operational challenges at GitHub.

Related entities

  • Data Breach (Attack Type)
  • Malware (Attack Type)
  • Supply Chain Attack (Attack Type)
  • GitHub (Platform)
  • MySQL (Platform)
  • VS Code Marketplace (Platform)
  • theverge.com (Domain)
  • [email protected] (Email)
  • T1195 - Supply Chain Compromise (Mitre Attack)
  • Azure (Company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed