Why we built this
Most vulnerability scanners check for known CVEs — but they don't flag EOL runtimes. When Node.js 18 went end-of-life in April 2025, every new CVE disclosed after that date accumulated with no patch path. Scanners stayed silent. Teams stayed exposed.
That's the CVE blind spot. With a zero-day, nobody knows the vulnerability exists. With EOL software, the vulnerability is public — listed on NVD, rated by CVSS, often with exploit code on GitHub — but no patch will ever exist. Your scanner gives it a clean bill of health. Attackers know exactly what's there.
endoflife.ai was built to close that gap. We track every major product's lifecycle, quantify the risk with our proprietary EOL Risk Score™, and make the data freely available to every developer, security team, and platform that needs it.
Builder, entrepreneur, and infrastructure obsessive based in Calgary, Alberta, Canada. Built endoflife.ai to give security and engineering teams the one reference they need for software lifecycle intelligence — free, comprehensive, and always current.