Right now there is no machine-readable output format for the Vulnerable Extensions List (VEL). This causes a lot of problems for anyone who needs to find out whether a specific extension is listed on the VEL, for example in order to do one of the following:

  • develop a plugin that automatically sends an email to the site administrator when an installed extension gets listed

  • add a feature to the built-in installer that warns users when they are about to install a listed extension

  • develop a tool for webhosts that allows them to specifically search for vulnerable Joomla installations on their servers

The solution to this problem is quite simple: by building a small API, we could offer a fast and simple way to check whether a specific extension and version is listed on the VEL. With an API instead of an RSS feed, a downloadable CSV list or something similar, developing tools that use it will be pretty easy, because the API will be built on very basic protocols and formats that can be processed easily.

We are building a team that can help formulate a solution. Please contact the VEL team to be given access to the ideas document.