SecAlerts
CVE ListPricingSign Up
joomla logo

joomla

Security Risk Profile

57
/100
medium

Security Risk Score

Comprehensive risk assessment based on 968 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from November 23, 2005 to present

968
Total CVEs
572
Critical+High
4
Exploited
511
Unpatched

Threat Assessment

Avg CVSS
6.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
511
Critical/High
Risk Level
57/100
medium
⚠️ 4 Active Exploits🆕 2Fresh (<7d)📈 6 in Last 30 Days

Severity Distribution

Critical
49
High
523
Medium
389
Low
7

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
1

Age Distribution

Common Weaknesses (CWE)

1
SQL Injection
389
2
XSS
168
3
Path Traversal
126
4
Code Injection
52
5
Input Validation
37

Most Affected Products

1. Joomla Joomla\!2919
2. Joomla joomla430
3. RSGallery2 Com Rsgallery2118
4. Algisinfo Aicontactsafe59
5. Anything-digital Sh404sef46

Recent Vulnerabilities

See more →
CVE-2018-25351
CVSS 8.2high

Joomla! Component EkRishta 2.10 SQL Injection via username

5/23/2026🔧 No Patch
CVE-2018-25348
CVSS 8.2high

Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

5/23/2026🔧 No Patch
CVE-2018-25336
CVSS 6.9medium

Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

5/17/2026🔧 No Patch
CVE-2018-25330
CVSS 8.8high

Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

5/17/2026🔧 No Patch
CVE-2020-37226
CVSS 7.1high

Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby

5/13/2026🔧 No Patch
CVE-2020-37218
CVSS 8.8high

Joomla com_hdwplayer 4.2 SQL Injection via search.php

5/13/2026🔧 No Patch
CVE-2026-21630
CVSS 6.9medium

Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint

4/1/2026🔧 No Patch
CVE-2026-23898
CVSS 8.6high

Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

4/1/2026🔧 No Patch
CVE-2026-21629
CVSS 6.3medium

Joomla! Core - [20260301] - ACL hardening in com_ajax

4/1/2026🔧 No Patch
CVE-2026-23899
CVSS 8.6high

Joomla! Core - [20260306] - Improper access check in webservice endpoints

4/1/2026🔧 No Patch

Monitor joomla in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.