Joomla users may or may not know about this list of extensions on the Joomla Docs that have been marked as vulnerable to various kinds of attack. Before you install an extension, you might want to check the list to ensure you're not exposing your site to a malicious attacker.
Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic or the extensions topic clearly marked with the first word in the title being Vulnerable where the security moderators or JSST team will respond. This list is change protected, for updates or editing requests Mandville or lafrance.
Each of the issues includes the extension name, a summary of what the issue is, when the vulnerability was published, a possible severity level and a link to more information about the problem. Some extensions listed also include a link to an updated version that corrects the issue.