Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Joomla Number Of NVD 285 CRITICAL 32 HIGH 73 MEDIUM 178 LOW 2
URL https://www.joomla.org/
Explanation Joomla is an open source Content Management System (CMS).

Each major version is supported for at least four years.

Basically, it is recommended to use the latest version.
Tag
  • GPL v2
  • PHP
  • オープンソース

Add Information URL
No Type Name URL
1 https://downloads.joomla.org/
2 https://www.joomla.org/announcements/release-news/
3 https://docs.joomla.org/Joomla!_CMS_versions
4 http://feeds.joomla.org/JoomlaSecurityNews
5 http://www.joomla.jp/
6 https://developer.joomla.org/roadmap.html
7 https://docs.joomla.org/Release_and_support_cycle
8 https://github.com/joomla

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
131 Joomla 5.1 5.1.4 Aug. 27, 2024 April 16, 2024 5 10 19 0
132 Joomla 5.0 5.0.3 July 9, 2024 Oct. 17, 2023 April 16, 2024 5 11 19 0
133 Joomla 4.4 4.4.13 April 8, 2025 Oct. 17, 2023 Oct. 17, 2025 5 11 19 0
134 Joomla 4.3 4.3.4 Aug. 22, 2023 April 18, 2023 Oct. 17, 2023 5 12 20 0
135 Joomla 4.2 4.4.6 July 9, 2024 Aug. 16, 2022 April 18, 2023 5 12 27 0
136 Joomla 4.1 4.1.5 June 21, 2022 Feb. 15, 2022 Aug. 16, 2022 8 12 28 0
137 Joomla 4.0 4.0.6 Jan. 18, 2022 Aug. 17, 2021 Feb. 15, 2022 9 12 27 0
138 Joomla 3.10 3.10.11 Aug. 16, 2022 Aug. 17, 2021 Aug. 17, 2023 6 7 13 0
139 Joomla 3.9 3.9.28 July 6, 2021 Oct. 30, 2018 Aug. 17, 2023 15 26 68 0
140 Joomla 3.8 3.8.13 Oct. 9, 2018 Sept. 19, 2017 Oct. 30, 2018 17 33 76 0
141 Joomla 3.7 3.7.5 Aug. 17, 2017 April 25, 2017 Sept. 19, 2017 19 34 75 1
142 Joomla 3.6 3.6.5 Dec. 13, 2016 July 12, 2016 April 25, 2017 23 35 79 0
143 Joomla 3.5 3.5.1 April 5, 2016 March 21, 2016 July 12, 2016 23 35 77 0
144 Joomla 3.4 3.4.8 Dec. 24, 2015 Feb. 24, 2015 March 21, 2016 23 41 83 0
145 Joomla 3.3 3.3.4 Sept. 23, 2014 April 20, 2014 Feb. 24, 2015 22 42 83 0
146 Joomla 3.2 3.2.1 Dec. 18, 2014 Nov. 6, 2013 Oct. 31, 2014 22 44 85 0
147 Joomla 3.1 3.1.6 Nov. 6, 2013 April 24, 2013 Dec. 31, 2013 18 35 76 0
148 Joomla 3.0 3.0.3 Feb. 4, 2013 Sept. 27, 2012 May 31, 2013 18 35 81 0
149 Joomla 2.5 2.5.28 Dec. 10, 2014 Jan. 24, 2012 Dec. 31, 2014 13 30 58 0
150 Joomla 1.7 1.7.5 Feb. 2, 2012 July 19, 2011 Feb. 29, 2012 10 17 29 0
151 Joomla 1.6 1.6.6 July 26, 2011 Jan. 10, 2011 Aug. 31, 2011 10 14 30 0
152 Joomla 1.5 1.5.26 March 27, 2012 Jan. 22, 2008 Sept. 30, 2012 11 19 35 1
153 Joomla 1.0 1.0.15 Feb. 21, 2008 Sept. 17, 2005 July 22, 2009 5 15 30 0
154 Joomla 13.1 13.1 0 0 0 0
155 Joomla 12.3 12.3 0 0 0 0
156 Joomla 12.1 12.1 0 0 0 0
157 Joomla 11.4 11.4 0 0 0 0
158 Joomla 11.3 11.3 0 0 0 0
159 Joomla 11.2 11.2 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
131 9.8
7.5
CRITICAL
Network
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. CWE-1236
 Improper Neutralization of Formula Elements in a CSV File
CVE-2019-12765 cpe:2.3:a:joomla:joomla\!:*:* 3.9.0 3.9.6 2024-11-21 13:23
2019-06-12
Show GitHub Exploit DB Packet Storm
132 6.5
4.0
MEDIUM
Network
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. NVD-CWE-noinfo
CVE-2019-12764 cpe:2.3:a:joomla:joomla\!:*:* 3.8.13 3.9.7 2024-11-21 13:23
2019-06-12
Show GitHub Exploit DB Packet Storm
133 6.1
4.3
MEDIUM
Network
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. CWE-79
Cross-site Scripting
CVE-2019-11809 cpe:2.3:a:joomla:joomla\!:*:* 1.7.0 3.9.6 2024-11-21 13:21
2019-05-20
Show GitHub Exploit DB Packet Storm
134 9.8
7.5
CRITICAL
Network
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protec… CWE-22
CWE-502
Path Traversal
 Deserialization of Untrusted Data
CVE-2019-11831 cpe:2.3:a:joomla:joomla\!:*:* 3.9.3 3.9.5 2024-11-21 13:21
2019-05-9
Show GitHub Exploit DB Packet Storm
135 6.1
4.3
MEDIUM
Network
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an e… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2019-11358 cpe:2.3:a:joomla:joomla\!:*:* 3.0.0 3.9.4 2024-11-21 13:20
2019-04-20
Show GitHub Exploit DB Packet Storm
136 7.5
5.0
HIGH
Network
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. CWE-306
Missing Authentication for Critical Function
CVE-2019-10946 cpe:2.3:a:joomla:joomla\!:*:* 3.2.0 3.9.4 2024-11-21 13:20
2019-04-11
Show GitHub Exploit DB Packet Storm
137 9.8
7.5
CRITICAL
Network
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. CWE-22
Path Traversal
CVE-2019-10945 cpe:2.3:a:joomla:joomla\!:*:* 1.5.0 3.9.4 2024-11-21 13:20
2019-04-11
Show GitHub Exploit DB Packet Storm
138 6.1
4.3
MEDIUM
Network
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. CWE-79
Cross-site Scripting
CVE-2019-9714 cpe:2.3:a:joomla:joomla\!:*:* 3.0.0 3.9.4 2024-11-21 13:52
2019-03-13
Show GitHub Exploit DB Packet Storm
139 7.5
5.0
HIGH
Network
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. CWE-862
 Missing Authorization
CVE-2019-9713 cpe:2.3:a:joomla:joomla\!:*:* 3.8.0 3.9.4 2024-11-21 13:52
2019-03-13
Show GitHub Exploit DB Packet Storm
140 6.1
4.3
MEDIUM
Network
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. CWE-79
Cross-site Scripting
CVE-2019-9712 cpe:2.3:a:joomla:joomla\!:*:* 3.2.0 3.9.4 2024-11-21 13:52
2019-03-13
Show GitHub Exploit DB Packet Storm