Ubuntu 19.x — End of Life
EOL Actively exploitedUbuntu 19.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 19.10 | Oct 17, 2019 | Jul 6, 2020 | Jul 6, 2020 | 19.10 | EOL |
| 19.04 | Apr 18, 2019 | Jan 23, 2020 | Jan 23, 2020 | 19.04 | EOL |
CVEs affecting Ubuntu 19.x (11)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-31431 | HIGH | 7.8 | 96.27% | KEV | 19.10 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla… | Apr 22, 2026 |
| CVE-2026-31431 | HIGH | 7.8 | 96.27% | KEV | 19.04 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla… | Apr 22, 2026 |
| CVE-2019-18197 | HIGH | 7.5 | 4.45% | — | 19.10 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the rel… | Oct 18, 2019 |
| CVE-2019-18197 | HIGH | 7.5 | 4.45% | — | 19.04 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the rel… | Oct 18, 2019 |
| CVE-2019-16168 | MEDIUM | 6.5 | 4.25% | — | 19.04 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin… | Sep 9, 2019 |
| CVE-2019-16168 | MEDIUM | 6.5 | 4.25% | — | 19.10 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin… | Sep 9, 2019 |
| CVE-2019-13118 | MEDIUM | 5.3 | 5.15% | — | 19.10 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an in… | Jul 1, 2019 |
| CVE-2019-13118 | MEDIUM | 5.3 | 5.15% | — | 19.04 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an in… | Jul 1, 2019 |
| CVE-2019-13117 | MEDIUM | 5.3 | 6.46% | — | 19.10 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumb… | Jul 1, 2019 |
| CVE-2019-13117 | MEDIUM | 5.3 | 6.46% | — | 19.04 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumb… | Jul 1, 2019 |
| CVE-2019-7317 | MEDIUM | 5.3 | 9.39% | — | 19.04 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called und… | Feb 4, 2019 |
Ubuntu 19.x is EOL — migrate to Ubuntu 20.x
Ubuntu 20.x is the next major release. Plan your upgrade before Ubuntu 19.x stops receiving security patches.
Frequently asked questions
Is Ubuntu 19 end of life?
Yes. All Ubuntu 19.x releases have reached end of life and no longer receive security patches. There are 11 known CVEs affecting Ubuntu 19.x. Migrate to Ubuntu 20.x as soon as possible.
What CVEs affect Ubuntu 19?
There are 11 CVEs tracked for Ubuntu 19.x and 2 listed in the CISA Known Exploited Vulnerabilities catalog. See the full list above with CVSS and EPSS scores.
What is the latest Ubuntu 19 version?
The latest Ubuntu 19.x patch release is 19.10, released on October 17, 2019. Always run the latest patch to benefit from all security fixes.
How to migrate from Ubuntu 19 to Ubuntu 20?
To migrate from Ubuntu 19 to Ubuntu 20: (1) review the official Ubuntu 20 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.
Is it safe to run Ubuntu 19 in production?
No. Ubuntu 19 has reached end of life and security vulnerabilities are no longer patched. Critically, 2 CVEs affecting Ubuntu 19.x are in the CISA KEV catalog — meaning they are actively exploited in the wild. Upgrade to a supported version immediately.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA
