As with many other open source development projects that rely heavily on the community for extended functionality, Joomla may be vulnerable to exploits when extensions are not well designed. The Joomla community does take security extremely seriously and maintains a master list of third party extensions that may be subject to security vulnerabilities.
We do visit the list once a month to see if any of the extensions we use are on the list. So far, we never had a problem with any extension, but it never hurts to double check.
The vulnerability list is a bit hidden in the Joomla documentation wiki. If you click here, you will be redirected to the list.