In November, GitHub experienced three incidents affecting service availability.
November 17 Incident (16:52 UTC, lasting 2 hours 16 minutes)
Between 16:52 and 19:08 UTC, Dependabot and GitHub Container Registry (GHCR) were affected.
Root Cause: Dependabot was hitting a rate limit in GHCR and was unable to complete about 57% of jobs within SLO.
Resolution: GitHub lowered the rate at which Dependabot started jobs and increased the GHCR rate limit.
Preventive Measures: GitHub is adding new monitors and alerts to help prevent this in the future.
November 18 Incident (20:30 UTC, lasting 1 hour 4 minutes)
Between 20:30 and 21:34 UTC, all Git operations (SSH and HTTP), raw file access, and dependent products were affected.
Root Cause: An expired TLS certificate used for internal service-to-service communication.
Resolution: GitHub replaced the expired certificate and restarted impacted services.
Preventive Measures: GitHub updated alerting for expired certificates, is performing an audit of other certificates, and is accelerating efforts to eliminate remaining manually managed certificates.
November 28 Incident (05:59 UTC, lasting 2 hours 24 minutes)
Between 05:59 and 08:24 UTC, Copilot’s Claude Sonnet 4.5 model was affected.
Root Cause: A misconfiguration deployed to an internal service, which made Claude Sonnet 4.5 erroneously listed as unavailable.
Resolution: GitHub reverted the configuration change.
Preventive Measures: GitHub is working to improve cross-service deploy safeguards to prevent similar incidents.