Go modules package
github.com/projectdiscovery/nuclei/v3
pkg:golang/github.com/projectdiscovery/nuclei/v3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41646 | Med | 5.5 | >= 3.0.0, < 3.8.0 | 3.8.0 | May 8, 2026 | Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the defa | |
| CVE-2026-41645 | Med | 5.3 | >= 3.0.0, < 3.8.0 | 3.8.0 | May 8, 2026 | Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens w | |
| CVE-2024-43405 | — | >= 3.0.0, < 3.3.2 | 3.3.2 | Sep 4, 2024 | Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code vi | ||
| CVE-2024-40641 | Hig | 7.4 | < 3.3.0 | 3.3.0 | Jul 17, 2024 | Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute wo | |
| CVE-2024-27920 | — | >= 3.0.0, < 3.2.0 | 3.2.0 | Mar 15, 2024 | projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects use |
- affected >= 3.0.0, < 3.8.0fixed 3.8.0
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the defa
- affected >= 3.0.0, < 3.8.0fixed 3.8.0
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens w
- CVE-2024-43405Sep 4, 2024affected >= 3.0.0, < 3.3.2fixed 3.3.2
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code vi
- affected < 3.3.0fixed 3.3.0
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute wo
- CVE-2024-27920Mar 15, 2024affected >= 3.0.0, < 3.2.0fixed 3.2.0
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects use