Node.js 17.x — End of Life
EOL Critical riskNode.js 17.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 17 | Oct 19, 2021 | Apr 1, 2022 | Jun 1, 2022 | 17.9.1 | EOL |
CVEs affecting Node.js 17.x (2)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-21637 | HIGH | 7.5 | 0.03% | — | 17 | A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCall… | Jan 20, 2026 |
| CVE-2024-3566 | CRITICAL | 9.8 | 10.55% | — | 17 | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly d… | Apr 10, 2024 |
Node.js 17.x is EOL — migrate to Node.js 18.x
Node.js 18.x is the next major release. Plan your upgrade before Node.js 17.x stops receiving security patches.
Frequently asked questions
Is Node.js 17 end of life?
Yes. All Node.js 17.x releases have reached end of life and no longer receive security patches. There are 2 known CVEs affecting Node.js 17.x, including 1 critical. Migrate to Node.js 18.x as soon as possible.
What CVEs affect Node.js 17?
There are 2 CVEs tracked for Node.js 17.x, including 1 critical severity issue. See the full list above with CVSS and EPSS scores.
What is the latest Node.js 17 version?
The latest Node.js 17.x patch release is 17.9.1, released on June 1, 2022. Always run the latest patch to benefit from all security fixes.
How to migrate from Node.js 17 to Node.js 18?
To migrate from Node.js 17 to Node.js 18: (1) review the official Node.js 18 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.
Is it safe to run Node.js 17 in production?
No. Node.js 17 has reached end of life and security vulnerabilities are no longer patched. Upgrade to a supported version immediately.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA