- [20200306] - Core - SQL injection in Featured Articles menu parameters
- [20200305] - Core - Incorrect Access Control in com_fields SQL field
- [20200304] - Core - Identifier collisions in com_users
- [20200303] - Core - Incorrect Access Control in com_templates
- [20200302] - Core - XSS in Protostar and Beez3
- [20200301] - Core - CSRF in com_templates image actions
- [20200103] - Core - XSS in com_actionlogs
- [20200102] - Core - CSRF com_templates LESS compiler
- [20200101] - Core - CSRF in batch actions
- [20191202] - Core - Various SQL injections through configuration parameters