Apache NiFi ↗
Summary iPlain-English security verdict for Apache NiFi, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Apache NiFi currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 2.9.0. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for Apache NiFi each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2020-27223 MEDIUM CWE-407 EPSS 78% → see advisory CVE-2023-34468 HIGH Code injection EPSS 63% → fixed in 1.22.0 CVE-2017-15697 CRITICAL Improper input validation EPSS 5% → see advisory CVE-2018-1309 CRITICAL XML external entity (XXE) EPSS 5% → fixed in 1.6.0 CVE-2017-5636 CRITICAL Injection EPSS 4% → see advisoryGet alerted about Apache NiFi
Be emailed the moment Apache NiFi gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for Apache NiFi — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Apache NiFi release line is supported — and when it sunsets. Select a line for its full report.
Full Apache NiFi end-of-life dates & support timeline →
2.9 latest 2.9.0 Supported 2.9.0 → 2.8 latest 2.8.0 End of life ended 2026-04-102.8.0 → 2.7 latest 2.7.2 End of life ended 2026-02-132.7.2 → 2.6 latest 2.6.0 End of life ended 2025-12-092.6.0 → 2.5 latest 2.5.0 End of life ended 2025-09-212.5.0 → 2.4 latest 2.4.0 End of life ended 2025-07-222.4.0 → 2.3 latest 2.3.0 End of life ended 2025-05-012.3.0 → 2.2 latest 2.2.0 End of life ended 2025-03-112.2.0 → 2.1 latest 2.1.0 End of life ended 2025-01-272.1.0 → 2.0 latest 2.0.0 End of life ended 2024-12-232.0.0 → See all upcoming end-of-life dates →Frequently asked
Is Apache NiFi safe and patched?
Apache NiFi currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 2.9.0. It's on the latest patch with no significant known issues — keep it current.
What should I do about Apache NiFi now?
Upgrade Apache NiFi to the latest supported release (2.9.0) or later and apply available security updates, then confirm against Apache's official advisory.
When does Apache NiFi reach end-of-life?
The latest supported Apache NiFi release is 2.9.0. After end-of-life a release no longer receives security patches.
Which versions of Apache NiFi are still receiving security updates?
Supported Apache NiFi release lines (latest 2.9.0): 2.9. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Apache's official advisory before you patch or upgrade — Apache NiFi official site ↗