GitHub header
Incident with API Requests
Incident Report for GitHub
On December 26, 2023, GitHub received a report through our Bug Bounty Program demonstrating a vulnerability which, if exploited, allowed access to credentials within a production container. We fixed this vulnerability on the same day and began rotating all potentially exposed credentials. Through this process we found some flaws in how we rotate certain credentials and are working on improving our credential rotation process. More detail can be found on our blog:
Posted Dec 29, 2023 - 18:33 UTC
With a mitigation deploying, we see recovery in most API requests and are continuing to monitor full rollout and mitigation.
Posted Dec 29, 2023 - 18:31 UTC
Secret Scanning and potentially other APIs are returning 500 error responses. We're working on a mitigation.
Posted Dec 29, 2023 - 18:21 UTC
We are investigating reports of degraded performance for API Requests
Posted Dec 29, 2023 - 18:17 UTC
This incident affected: API Requests.