GitHub November 2025: Three Incidents, One Lesson

TL;DR

• GitHub had three incidents in November: Dependabot rate limiting (2h 16m), expired TLS cert breaking all Git ops (1h 4m), and Copilot Claude Sonnet 4.5 misconfiguration (2h 24m)
• If you rely on Dependabot, Git operations, or Copilot, you may have hit these windows — check your logs
• GitHub is tightening monitoring, automating certificate management, and improving deploy safeguards

What Dropped

GitHub published its November 2025 availability report detailing three separate incidents that degraded service performance. The incidents ranged from 1 to 2.5 hours and affected different parts of the platform: dependency automation, core Git operations, and AI-assisted coding.

The Dev Angle

Dependabot rate limiting (Nov 17, 2h 16m): Dependabot hit a rate limit in GitHub Container Registry and failed to complete about 57% of jobs within SLA. If you were pushing container images or relying on automated dependency updates that day, you likely saw delays or failures. GitHub mitigated by throttling job startup rates and raising GHCR limits.

Git operations down (Nov 18, 1h 4m): This one hurt. All Git operations—SSH, HTTP, and raw file access—failed because an internal TLS certificate expired. If you were pushing code, pulling repos, or running CI/CD pipelines, you were blocked. The fix was straightforward: replace the cert and restart services. But the root cause is embarrassing for a platform that manages billions of repositories.

Copilot Claude Sonnet 4.5 unavailable (Nov 28, 2h 24m): Users trying to use Claude Sonnet 4.5 in Copilot got HTTP 400 errors. A misconfiguration marked the model as unavailable. Other models worked fine. If you're using Copilot for code generation, this was a brief but frustrating outage.

Should You Care?

If you use GitHub for anything critical—which you probably do—these incidents matter. The Git operations outage is the most concerning: it's a fundamental service that everything else depends on. An expired certificate shouldn't take down Git in 2025.

The good news: GitHub is responding seriously. They're adding monitoring for rate limits, automating certificate management to eliminate manual renewal, and improving deploy safeguards. The bad news: these are foundational problems that should have been caught earlier.

For Dependabot users, the rate limiting issue suggests you should monitor your dependency update jobs if you're running at scale. For Copilot users, the misconfiguration was a one-off, but it highlights that even AI features can fail in unexpected ways.

Check GitHub's status page for real-time updates and detailed post-incident recaps on each incident.

Source: GitHub Blog