Live Intelligence
CVE Intelligence —
EOL Software in the CISA KEV Catalog
The CISA Known Exploited Vulnerabilities (KEV) catalog lists software products with confirmed active exploitation in the wild. This page cross-references every product in that catalog against end-of-life status — surfacing the most dangerous intersection in your stack: software that is both actively exploited and no longer receiving security patches.
Why this matters more than a standard CVE scan
When software is actively exploited (CISA KEV) and past end of life, no patch will ever be issued for newly discovered vulnerabilities. Your scanner shows green. The attacker knows. This is the CVE blind spot — and this page makes it visible.
How EOL Risk Score is calculated for KEV-exposed products
40
EOL Recency
How far past EOL — or how close to it. Accumulates over time with no ceiling. The longest-EOL products score maximum points on this factor.
30
Attack Surface
OS, runtimes, databases score Critical (30pts). Frameworks and tools score High (20pts). KEV products are disproportionately in the Critical tier.
20
CISA KEV Exposure
Every product on this page scores the full 20 points here — confirmed active exploitation in the wild. This is not theoretical risk.
KEV-Exposed Products with EOL Risk Scores
Loading...
Fetching live EOL data from endoflife.date...
Data sources
CISA KEV membership is determined by cross-referencing the CISA Known Exploited Vulnerabilities catalog against the endoflife.date product registry. EOL dates and version data are sourced from endoflife.date (MIT license). EOL Risk Scores™ are calculated using the endoflife.ai proprietary methodology. Data is fetched live at page load — scores reflect the current date.
Last updated: —
Last updated: —
Check your full stack for EOL and KEV exposure
Upload your requirements.txt, package.json, or Gemfile — get a full EOL and risk report instantly.
Scan your stack Check a product