The VEL are happy to announce the release of a JSON-formatted feed of extensions on the VEL live and resolved lists.

The feed and its data are licensed under the GPL, and may be used in any way compatible with the GPL, including being used in commercial plugins. We encourage the development of plugins that can use this data.

You can find out more here.

Please contact the developer for more information

abandoned trolley

The VEL team have introduced a new listing category for abandon ware, while not always vulnerable to exploits, projects abandoned may in time introduce an entry to exploit websites.


Reporting is easy and consists of a few simple questions. Your Name & Your Email, so we can thank you for your report,  obviously the extension name,  Extension url so we can check it out and also reason you believe its abandoned.
View the abandoned list at https://vel.joomla.org/abandonware and report them via the abandon ware form

We have had reports that extensions from joomla-pro.org may contain malicious code. If anyone has a copy of an extension downloaded from the developers site, please contact us.

vul test image

Recently the vel team became aware of a mass of reports concerning dozens of  joomla extensions being vulnerable.
All these reports were by the same person, who had not taken due care nor had they made a responsible disclosure to the vel team or to the developers.

The Joomla Project recently released a security advisory regarding the PHP Mailer library. Please read the announcement for further details. Some extensions also include their own versions of vulnerable library, and developers of the relevant extensions are urged to release updates as soon as possible.

The VEL will be maintaining a list of extensions affected by the issue. Users of the affected extensions are strongly advised to update. To be clear, inclusion on the list simply means that the extension includes the vulnerable library, not that an exploit exists, you should contact the developer if you have any questions.