Synced 16 Jun 2026 15:24 UTC Account
← All products

Sourcegraph

Sourcegraph · Dev / Code Search
↻ RSS feed
Monitors Sourcegraph and tailors your dashboard to that exact version.
7.4.0 · latest cycle100/100 Healthy

Summary iPlain-English security verdict for Sourcegraph, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Sourcegraph currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 7.4.0. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for Sourcegraph each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2022-23642 HIGH Code injection EPSS 74% → fixed in 3.37 CVE-2022-41943 CRITICAL CWE-276 EPSS 1% → fixed in 4.1.0

See all 10 known Sourcegraph CVEs & security history →

Get alerted about Sourcegraph

Be emailed the moment Sourcegraph gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Sourcegraph — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Sourcegraph release line is supported — and when it sunsets. Select a line for its full report.

Jan29'25 Sourcegraph 5ended 2025-01-29
May22'23 Sourcegraph 4ended 2023-05-22

Full Sourcegraph end-of-life dates & support timeline →

7 latest 7.4.0 Supported 7.4.0 → 6 latest 6.12.5040 Supported 6.12.5040 → 5 latest 5.11.6271 End of life ended 2025-01-295.11.6271 → 4 latest 4.5.1 End of life ended 2023-05-224.5.1 → See all upcoming end-of-life dates →

Frequently asked

Is Sourcegraph safe and patched?

Sourcegraph currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 7.4.0. It's on the latest patch with no significant known issues — keep it current.

What should I do about Sourcegraph now?

Upgrade Sourcegraph to the latest supported release (7.4.0) or later and apply available security updates, then confirm against Sourcegraph's official advisory.

When does Sourcegraph reach end-of-life?

The latest supported Sourcegraph release is 7.4.0. After end-of-life a release no longer receives security patches.

Which versions of Sourcegraph are still receiving security updates?

Supported Sourcegraph release lines (latest 7.4.0): 7, 6. End-of-life releases no longer receive security patches.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Sourcegraph's official advisory before you patch or upgrade — Sourcegraph official site ↗