When does Nginx reach end-of-life?

The latest supported Nginx release is 1.31.1. After end-of-life a release no longer receives security patches.

Nginx ↗

Nginx / F5 · Web / Runtime

100/100 Healthy

Summary iPlain-English security verdict for Nginx, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Nginx currently scores 100/100 — healthy. 1 actively-exploited vulnerability (CISA KEV) affects older releases (e.g. CVE-2023-44487) — staying on the latest supported version keeps you clear of it. The latest supported release is 1.31.1. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for Nginx each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2023-44487 HIGH ● exploited Uncontrolled resource consumption EPSS 94% → fixed in r29 CVE-2013-2028 HIGH Out-of-bounds write EPSS 93% → see advisory CVE-2017-7529 HIGH Integer overflow EPSS 92% → see advisory CVE-2013-4547 HIGH CWE-116 EPSS 91% → fixed in 1.4.4 CVE-2016-0742 HIGH CWE-476 EPSS 79% → fixed in 1.9.10 CVE-2009-2629 HIGH Out-of-bounds write EPSS 78% → fixed in 0.8.15 CVE-2021-23017 HIGH CWE-193 EPSS 74% → fixed in 1.20.1 CVE-2019-20372 MEDIUM CWE-444 EPSS 70% → fixed in 1.17.7 CVE-2018-16843 HIGH Uncontrolled resource consumption EPSS 58% → fixed in 1.15.6 CVE-2014-3556 MEDIUM Command injection EPSS 48% → fixed in 1.7.4 CVE-2010-2263 MEDIUM Information disclosure EPSS 44% → fixed in 0.7.66 CVE-2016-0746 CRITICAL Use-after-free EPSS 6% → fixed in 1.9.10

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Nginx release line is supported — and when it sunsets.

1.31 latest 1.31.1 Supported

1.30 latest 1.30.2 Supported

1.29 latest 1.29.8 End of life ended 2026-05-13

1.28 latest 1.28.3 End of life ended 2026-04-14

1.27 latest 1.27.5 End of life ended 2025-06-24

1.26 latest 1.26.3 End of life ended 2025-04-23

1.25 latest 1.25.5 End of life ended 2024-05-29

1.24 latest 1.24.0 End of life ended 2024-04-23

1.23 latest 1.23.4 End of life ended 2023-05-23

1.22 latest 1.22.1 End of life ended 2023-04-11

See all upcoming end-of-life dates →