Vulnerability List (VEL) Reporting Form

We accept reports of security vulnerabilities for Joomla! extensions. If you believe you have found a security vulnerability in an extension, please complete the following form. As our vulnerability policy explains, we may send or attempt to contact the developer of the extension.

Reports for the core should be made via https://developer.joomla.org/security.html, any reports made here will be forwarded to them for action.

Note that we do not coordinate or publish every report we receive. We request that you please make a reasonable attempt to contact the affected developer. If the vulnerability you are reporting is already public, please provide the CERT or other vulnerability database number and indicate which vulnerability database the public report is from.

For additional information about the fields in this form, refer to the instructions. If you have any problems, please contact us.

Please provide as much information as you can. Incomplete or incorrect information may delay out investigation. When you are finished, submit your report using the button at the end of the form.

Information with a (*) is required.

Data collected under Joomla Privacy and cookie policy as shown

Please enter your name.
Invalid email address.
Please select yes or no
Invalid Input
Invalid Input
Invalid Input
Invalid Characters Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Vulnerability Description

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid URL was Input

Impact of Exploiting this Vulnerability

Invalid Input

Developer Communication


Before submitting this report, please make a reasonable attempt to contact the affected developer via the developers website. If you choose not to try to contact the developer, we may lower the priority of your report.

Invalid Input
Invalid URL was Input

Who is the developer of the product that contains the vulnerability? If you have already contacted the developer regarding this problem, please share the developers contact information and any CERT or other vulnerability database tracking numbers with us. Indicate which vulnerability tracking database the number relates to.

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Additional Developer Information

Invalid Input

Location of File

Invalid Input
Invalid Input
Invalid Input