When does Node.js reach end-of-life?

The latest supported Node.js release is 26.3.0. After end-of-life a release no longer receives security patches.

Node.js ↗

OpenJS Foundation · Web / Runtime

100/100 Healthy

Summary iPlain-English security verdict for Node.js, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Node.js currently scores 100/100 — healthy. 1 actively-exploited vulnerability (CISA KEV) affects older releases (e.g. CVE-2023-44487) — staying on the latest supported version keeps you clear of it. The latest supported release is 26.3.0. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for Node.js each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2023-44487 HIGH ● exploited Uncontrolled resource consumption EPSS 94% → fixed in 20.8.1 CVE-2017-14849 HIGH Path traversal EPSS 90% → see advisory CVE-2014-0224 HIGH CWE-326 EPSS 90% → fixed in 0.10.29 CVE-2021-22883 HIGH Uncontrolled resource consumption EPSS 89% → fixed in 15.10.0 CVE-2022-32215 MEDIUM CWE-444 EPSS 86% → fixed in 18.5.0 CVE-2022-32213 MEDIUM CWE-444 EPSS 86% → fixed in 18.9.1 CVE-2022-3602 HIGH Out-of-bounds write EPSS 84% → fixed in 18.11.0 CVE-2016-2107 MEDIUM Information disclosure EPSS 80% → fixed in 5.11.1 CVE-2018-0732 HIGH CWE-320 EPSS 78% → fixed in 10.9.0 CVE-2014-3744 HIGH Path traversal EPSS 78% → see advisory CVE-2020-8277 HIGH Uncontrolled resource consumption EPSS 59% → fixed in 15.2.1 CVE-2015-3194 HIGH CWE-476 EPSS 54% → fixed in 5.1.1

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Node.js release line is supported — and when it sunsets.

26 latest 26.3.0 Supported until 2029-04-30

25 latest 25.9.0 End of life ended 2026-06-01

24 latest 24.16.0 Supported until 2028-04-30

23 latest 23.11.1 End of life ended 2025-06-01

22 latest 22.22.3 Supported until 2027-04-30

21 latest 21.7.3 End of life ended 2024-06-01

20 latest 20.20.2 End of life ended 2026-04-30

19 latest 19.9.0 End of life ended 2023-06-01

18 latest 18.20.8 End of life ended 2025-04-30

17 latest 17.9.1 End of life ended 2022-06-01

See all upcoming end-of-life dates →