Black Duck Open Hub has launched a "Project Vulnerability Report" (PVR) score. This is an excellent initiative, and quite a challenge (given the messy data).
About this project: http://blog.openhub.net/about-pvr/ http://blog.openhub.net/2016/10/project-security/ http://blog.openhub.net/2016/04/open-hub-in-2016/ https://blog.openhub.net/2017/05/researching-project-security-data/
The results for Tiki are here: https://www.openhub.net/p/tikiwiki/security
Discussion is here: https://www.openhub.net/topics/13907
As of 2016-11-26, there is an issue with the data, to be reported: