- How many CVEs does Joomla have?
- Joomla has 981 published CVE records since 2005, including 49 in the last two years.
- How many Joomla CVEs are in CISA KEV?
- Yes — 2 of Joomla's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Joomla products have the most CVEs?
- The Joomla products with the most published CVEs are Joomla!, joomla, joomla-cms, Joomla! CMS, bsq sitestats.
- What are the most common weakness types in Joomla CVEs?
- Joomla's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-284 (Improper Access Control), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-287 (Improper Authentication).
- Are there public exploits for Joomla vulnerabilities?
- Yes — 577 of Joomla's CVEs have a known public exploit.
- How many critical Joomla vulnerabilities are there?
- Joomla has 45 critical and 520 high-severity CVEs.
- What is the average severity of Joomla CVEs?
- The average CVSS base score across Joomla's scored CVEs is 6.8.