Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Joomla Number Of NVD 285 CRITICAL 32 HIGH 73 MEDIUM 178 LOW 2
URL https://www.joomla.org/
Explanation Joomla is an open source Content Management System (CMS).

Each major version is supported for at least four years.

Basically, it is recommended to use the latest version.
Tag
  • オープンソース
  • GPL v2
  • PHP

Add Information URL
No Type Name URL
1 https://downloads.joomla.org/
2 https://www.joomla.org/announcements/release-news/
3 https://docs.joomla.org/Joomla!_CMS_versions
4 http://feeds.joomla.org/JoomlaSecurityNews
5 http://www.joomla.jp/
6 https://developer.joomla.org/roadmap.html
7 https://docs.joomla.org/Release_and_support_cycle
8 https://github.com/joomla

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
31 Joomla 5.1 5.1.4 Aug. 27, 2024 April 16, 2024 5 10 19 0
32 Joomla 5.0 5.0.3 July 9, 2024 Oct. 17, 2023 April 16, 2024 5 11 19 0
33 Joomla 4.4 4.4.13 April 8, 2025 Oct. 17, 2023 Oct. 17, 2025 5 11 19 0
34 Joomla 4.3 4.3.4 Aug. 22, 2023 April 18, 2023 Oct. 17, 2023 5 12 20 0
35 Joomla 4.2 4.4.6 July 9, 2024 Aug. 16, 2022 April 18, 2023 5 12 27 0
36 Joomla 4.1 4.1.5 June 21, 2022 Feb. 15, 2022 Aug. 16, 2022 8 12 28 0
37 Joomla 4.0 4.0.6 Jan. 18, 2022 Aug. 17, 2021 Feb. 15, 2022 9 12 27 0
38 Joomla 3.10 3.10.11 Aug. 16, 2022 Aug. 17, 2021 Aug. 17, 2023 6 7 13 0
39 Joomla 3.9 3.9.28 July 6, 2021 Oct. 30, 2018 Aug. 17, 2023 15 26 68 0
40 Joomla 3.8 3.8.13 Oct. 9, 2018 Sept. 19, 2017 Oct. 30, 2018 17 33 76 0
41 Joomla 3.7 3.7.5 Aug. 17, 2017 April 25, 2017 Sept. 19, 2017 19 34 75 1
42 Joomla 3.6 3.6.5 Dec. 13, 2016 July 12, 2016 April 25, 2017 23 35 79 0
43 Joomla 3.5 3.5.1 April 5, 2016 March 21, 2016 July 12, 2016 23 35 77 0
44 Joomla 3.4 3.4.8 Dec. 24, 2015 Feb. 24, 2015 March 21, 2016 23 41 83 0
45 Joomla 3.3 3.3.4 Sept. 23, 2014 April 20, 2014 Feb. 24, 2015 22 42 83 0
46 Joomla 3.2 3.2.1 Dec. 18, 2014 Nov. 6, 2013 Oct. 31, 2014 22 44 85 0
47 Joomla 3.1 3.1.6 Nov. 6, 2013 April 24, 2013 Dec. 31, 2013 18 35 76 0
48 Joomla 3.0 3.0.3 Feb. 4, 2013 Sept. 27, 2012 May 31, 2013 18 35 81 0
49 Joomla 2.5 2.5.28 Dec. 10, 2014 Jan. 24, 2012 Dec. 31, 2014 13 30 58 0
50 Joomla 1.7 1.7.5 Feb. 2, 2012 July 19, 2011 Feb. 29, 2012 10 17 29 0
51 Joomla 1.6 1.6.6 July 26, 2011 Jan. 10, 2011 Aug. 31, 2011 10 14 30 0
52 Joomla 1.5 1.5.26 March 27, 2012 Jan. 22, 2008 Sept. 30, 2012 11 19 35 1
53 Joomla 1.0 1.0.15 Feb. 21, 2008 Sept. 17, 2005 July 22, 2009 5 15 30 0
54 Joomla 13.1 13.1 0 0 0 0
55 Joomla 12.3 12.3 0 0 0 0
56 Joomla 12.1 12.1 0 0 0 0
57 Joomla 11.4 11.4 0 0 0 0
58 Joomla 11.3 11.3 0 0 0 0
59 Joomla 11.2 11.2 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
31 7.3
-
HIGH
Network
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. CWE-284
Improper Access Control
CVE-2026-21629 cpe:2.3:a:joomla:joomla\!:*:* 3.0.0
6.0.0


5.4.4
6.0.4
2026-04-10 05:00
2026-04-1
Show GitHub Exploit DB Packet Storm
32 6.1
-
MEDIUM
Network
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. CWE-79
Cross-site Scripting
CVE-2024-21729 cpe:2.3:a:joomla:joomla\!:*:* 4.0.0
5.0.0


4.4.6
5.1.2
2024-11-21 17:54
2024-07-10
Show GitHub Exploit DB Packet Storm
33 6.1
-
MEDIUM
Network
The wrapper extensions do not correctly validate inputs, leading to XSS vectors. CWE-79
Cross-site Scripting
CVE-2024-26279 cpe:2.3:a:joomla:joomla\!:*:* 3.0.0
4.0.0
5.0.0




3.10.16
4.4.6
5.1.2
2024-11-21 18:02
2024-07-10
Show GitHub Exploit DB Packet Storm
34 6.1
-
MEDIUM
Network
The Custom Fields component not correctly filter inputs, leading to a XSS vector. CWE-79
Cross-site Scripting
CVE-2024-26278 cpe:2.3:a:joomla:joomla\!:*:* 4.0.0
5.0.0
3.7.0




4.4.6
5.1.2
3.10.16
2024-11-21 18:02
2024-07-10
Show GitHub Exploit DB Packet Storm
35 6.1
-
MEDIUM
Network
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. CWE-79
Cross-site Scripting
CVE-2024-21731 cpe:2.3:a:joomla:joomla\!:*:* 5.0.0
4.0.0
3.0.0
5.1.1
4.4.5
3.10.15




2024-11-21 17:54
2024-07-10
Show GitHub Exploit DB Packet Storm
36 5.4
-
MEDIUM
Network
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. CWE-79
Cross-site Scripting
CVE-2024-21730 cpe:2.3:a:joomla:joomla\!:*:* 4.0.0
5.0.0


4.4.6
5.1.2
2024-11-21 17:54
2024-07-10
Show GitHub Exploit DB Packet Storm
37 7.5
-
HIGH
Network
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. NVD-CWE-noinfo
CVE-2023-40626 cpe:2.3:a:joomla:joomla\!:5.0.0:*
cpe:2.3:a:joomla:joomla\!:*:*
4.0.0
1.6.0


4.4.1
3.10.14
2024-11-21 17:19
2023-11-29
Show GitHub Exploit DB Packet Storm
38 7.5
-
HIGH
Network
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. CWE-307
mproper Restriction of Excessive Authentication Attempts
CVE-2023-23755 cpe:2.3:a:joomla:joomla\!:*:* 4.2.0 4.3.2 2024-11-21 16:46
2023-05-31
Show GitHub Exploit DB Packet Storm
39 6.1
-
MEDIUM
Network
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. CWE-20
CWE-601
 Improper Input Validation 
Open Redirect
CVE-2023-23754 cpe:2.3:a:joomla:joomla\!:*:* 4.2.0 4.3.2 2024-11-21 16:46
2023-05-31
Show GitHub Exploit DB Packet Storm
40 5.3
-
MEDIUM
Network
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. NVD-CWE-Other
CVE-2023-23752 cpe:2.3:a:joomla:joomla\!:*:* 4.0.0 4.2.8 2024-11-21 16:46
2023-02-17
Show GitHub Exploit DB Packet Storm