Summary iPlain-English security verdict for MySQL, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
MySQL currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 9.7.1. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for MySQL each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2012-2122 MEDIUM Improper authentication EPSS 97% → see advisory CVE-2008-0226 HIGH Memory corruption EPSS 92% → see advisory CVE-2017-3599 HIGH Integer overflow EPSS 90% → see advisory CVE-2020-5398 HIGH Cross-site scripting (XSS) EPSS 88% → see advisory CVE-2022-21279 MEDIUM EPSS 79% → see advisory CVE-2022-21489 MEDIUM EPSS 79% → see advisory CVE-2022-21280 MEDIUM EPSS 77% → see advisory CVE-2003-0780 HIGH EPSS 75% → see advisory CVE-2009-4484 HIGH Out-of-bounds write EPSS 70% → fixed in 5.1.43 CVE-2016-6662 CRITICAL CWE-264 EPSS 68% → see advisory CVE-2020-1967 HIGH CWE-476 EPSS 53% → see advisory CVE-2003-0150 HIGH EPSS 45% → see advisoryGet alerted about MySQL
Be emailed the moment MySQL gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for MySQL — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each MySQL release line is supported — and when it sunsets. Select a line for its full report.
Full MySQL end-of-life dates & support timeline →
9.7 latest 9.7.1 Supported until 2034-04-219.7.1 → 9.6 latest 9.6.1 End of life ended 2026-04-219.6.1 → 9.5 latest 9.5.2 End of life ended 2026-01-209.5.2 → 9.4 latest 9.4.2 End of life ended 2025-10-219.4.2 → 9.3 latest 9.3.2 End of life ended 2025-07-229.3.2 → 9.2 latest 9.2.2 End of life ended 2025-04-159.2.2 → 9.1 latest 9.1.2 End of life ended 2025-01-219.1.2 → 9.0 latest 9.0.1 End of life ended 2024-10-159.0.1 → 8.4 latest 8.4.10 Supported until 2032-04-308.4.10 → 8.3 latest 8.3.0 End of life ended 2024-04-108.3.0 → See all upcoming end-of-life dates →Frequently asked
Is MySQL safe and patched?
MySQL currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 9.7.1. It's on the latest patch with no significant known issues — keep it current.
What should I do about MySQL now?
Upgrade MySQL to the latest supported release (9.7.1) or later and apply available security updates, then confirm against Oracle's official advisory.
When does MySQL reach end-of-life?
The latest supported MySQL release is 9.7.1. After end-of-life a release no longer receives security patches.
Which versions of MySQL are still receiving security updates?
Supported MySQL release lines (latest 9.7.1): 9.7, 8.4. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Oracle's official advisory before you patch or upgrade — MySQL official site ↗