About

The free reference for
software end-of-life intelligence.

endoflife.ai tracks when software products reach end of life — the moment vendors stop issuing security patches. We publish EOL dates, support timelines, and EOL Risk Scores™ for 455+ products including every major runtime, framework, OS, database, and cloud platform. Free, always.

455+
Products tracked
8,400+
Score card pages
Daily
Data refresh cadence
2026
Year founded
Our mission
"No engineering team should discover their runtime is EOL from a breach report. We're building the authoritative reference so they find out from us first."

Why we built this

Most vulnerability scanners check for known CVEs — but they don't flag EOL runtimes. When Node.js 18 went end-of-life in April 2025, every new CVE disclosed after that date accumulated with no patch path. Scanners stayed silent. Teams stayed exposed.

That's the CVE blind spot. With a zero-day, nobody knows the vulnerability exists. With EOL software, the vulnerability is public — listed on NVD, rated by CVSS, often with exploit code on GitHub — but no patch will ever exist. Your scanner gives it a clean bill of health. Attackers know exactly what's there.

endoflife.ai was built to close that gap. We track every major product's lifecycle, quantify the risk with our proprietary EOL Risk Score™, and make the data freely available to every developer, security team, and platform that needs it.

Scott Bissett
Founder · endoflife.ai

Builder, entrepreneur, and infrastructure obsessive based in Calgary, Alberta, Canada. Built endoflife.ai to give security and engineering teams the one reference they need for software lifecycle intelligence — free, comprehensive, and always current.

EOL Risk Score™ Methodology

Every product and version carries a 0–100 EOL Risk Score™ — our proprietary measure of the actual security and operational risk of running that version in production. Four factors drive the score.

40pts
EOL Recency
How long since the version lost official support. A version EOL'd three years ago scores higher than one that went EOL last month.
30pts
Attack Surface
How broadly the product is deployed and how many attack vectors it exposes. Runtimes processing HTTP traffic score higher than niche utilities.
20pts
CISA KEV Exposure
Whether known exploited vulnerabilities exist for this product in the CISA Known Exploited Vulnerabilities catalog.
10pts
Extended Support
Whether commercial extended support options exist for this product, slightly reducing urgency for teams that can't migrate immediately.

Full methodology documentation at endoflife.ai/risk-score

Data sources

EOL date data is sourced from endoflife.date, an open source project maintained by the community under the MIT License. We are grateful for their work and contribution to the ecosystem.

EOL Risk Scores™ are calculated by endoflife.ai using our proprietary methodology. CISA KEV exposure data is sourced from the CISA Known Exploited Vulnerabilities Catalog, a public domain US government dataset.

All data is refreshed at every build deployment. Score cards and product pages are regenerated automatically to reflect the latest lifecycle data.

Partners & Integrations

We work with extended support vendors, security platforms, and observability tools to bring EOL intelligence to the tools engineering and security teams already use.

TuxCare — Extended Linux SupportIn discussion
Datadog — Observability IntegrationIn development
Mend — SCA PlatformIn discussion
Sonatype — Dependency ManagementIn discussion
Snyk — Developer SecurityApplied
JFrog — Artifact ManagementApplied

Contact

Partnerships & API
Location
Calgary, Alberta, Canada
Founded
2026