Synced 17 Jun 2026 22:27 UTC Account
← All products

SonarQube

SonarSource · Developer Tools
↻ RSS feed
Monitors SonarQube and tailors your dashboard to that exact version.
26.6.0.123539 · latest cycle/100 Unknown

Summary iPlain-English security verdict for SonarQube, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

SonarQube's security status could not be assessed at the last sync — vulnerability data was unavailable.

Disclosure trend iNew CVEs published for SonarQube each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

No urgent unpatched issues identified. ✓

Get alerted about SonarQube

Be emailed the moment SonarQube gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for SonarQube — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each SonarQube release line is supported — and when it sunsets. Select a line for its full report.

Jan6'26 SonarQube 25ended 2026-01-06
Jan20'25 SonarQube 9ended 2025-01-20
Jan7'25 SonarQube 24ended 2025-01-07
Dec2'24 SonarQube 10ended 2024-12-02
Feb7'23 SonarQube 8ended 2023-02-07
May4'21 SonarQube 7ended 2021-05-04

Full SonarQube end-of-life dates & support timeline →

26 latest 26.6.0.123539 Supported 26.6.0.123539 → 25 latest 25.12.0.117093 End of life ended 2026-01-0625.12.0.117093 → 24 latest 24.12.0.100206 End of life ended 2025-01-0724.12.0.100206 → 10 latest 10.7.0.96327 End of life ended 2024-12-0210.7.0.96327 → 9 latest 9.9.8.100196 End of life ended 2025-01-209.9.8.100196 → 8 latest 8.9.10.61524 End of life ended 2023-02-078.9.10.61524 → 7 latest 7.9.6 End of life ended 2021-05-047.9.6 → See all upcoming end-of-life dates →

Frequently asked

Is SonarQube safe and patched?

SonarQube's security status could not be assessed at the last sync — vulnerability data was unavailable.

What should I do about SonarQube now?

Upgrade SonarQube to the latest supported release (26.6.0.123539) or later and apply available security updates, then confirm against SonarSource's official advisory.

When does SonarQube reach end-of-life?

The latest supported SonarQube release is 26.6.0.123539. After end-of-life a release no longer receives security patches.

Which versions of SonarQube are still receiving security updates?

Supported SonarQube release lines (latest 26.6.0.123539): 26. End-of-life releases no longer receive security patches.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against SonarSource's official advisory before you patch or upgrade — SonarQube official site ↗