- [20210103] - Core - XSS in com_tags image parameters
- [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute
- [20210101] - Core - com_modules exposes module names
- [20201107] - Core - Write ACL violation in multiple core views
- [20201106] - Core - CSRF in com_privacy emailexport feature
- [20201105] - Core - User Enumeration in backend login
- [20201104] - Core - SQL injection in com_users list view
- [20201103] - Core - Path traversal in mod_random_image
- [20201102] - Core - Disclosure of secrets in Global Configuration page
- [20201101] - Core - com_finder ignores access levels on autosuggest