Grafana
Grafana Labs · Infrastructure
100/100 Healthy
Summary: Plain-English security verdict for Grafana, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Grafana currently scores 100/100 — healthy. 2 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2021-43798) — staying on the latest supported version keeps you clear of them. The latest supported release is 13.0.2. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend: New CVEs published for Grafana each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Bar chart: new Grafana CVEs per year, '19 through '26]
Patch priority — what to act on: The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2021-43798 HIGH ● exploited Path traversal EPSS 94% → fixed in 8.2.7
CVE-2021-39226 CRITICAL ● exploited Improper authentication EPSS 94% → fixed in 8.1.6
CVE-2024-9264 CRITICAL Code injection EPSS 94% → see advisory
CVE-2020-13379 HIGH Server-side request forgery (SSRF) EPSS 93% → see advisory
CVE-2021-27358 HIGH EPSS 92% → see advisory
CVE-2019-15043 HIGH Missing authentication EPSS 91% → fixed in 6.3.4
CVE-2021-41174 MEDIUM Cross-site scripting (XSS) EPSS 88% → fixed in 8.2.3
CVE-2022-26148 CRITICAL CWE-312 EPSS 87% → see advisory
CVE-2018-15727 CRITICAL Improper authentication EPSS 80% → fixed in 5.2.3
CVE-2022-32275 HIGH Path traversal EPSS 67% → see advisory
CVE-2023-0507 HIGH Cross-site scripting (XSS) EPSS 61% → fixed in 9.3.8
CVE-2020-11110 MEDIUM Cross-site scripting (XSS) EPSS 54% → see advisory

Versions & lifecycle: When each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Grafana release line is supported — and when it sunsets.
13.0: latest 13.0.2, supported until 2027-01-09
12.4: latest 12.4.4, supported until 2027-05-24
12.3: latest 12.3.7, supported until 2026-08-19
12.2: latest 12.2.9, supported until 2026-06-23
12.1: latest 12.1.10+security-01, end of life (ended 2026-04-22)
12.0: latest 12.0.10, end of life (ended 2026-02-05)
11.6: latest 11.6.15, supported until 2026-06-25
11.5: latest 11.5.10, end of life (ended 2025-10-28)
11.4: latest 11.4.8, end of life (ended 2025-09-05)
11.3: latest 11.3.9, end of life (ended 2025-07-22)