VYPR

Nuclei

by Projectdiscovery

Source repositories

CVEs (7)

  • CVE-2024-40641HigJul 17, 2024
    risk 0.41cvss 7.4epss 0.00

    Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute…

  • CVE-2026-41646MedMay 8, 2026
    risk 0.29cvss 5.5epss 0.00

    Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the…

  • CVE-2026-41645MedMay 8, 2026
    risk 0.27cvss 5.3epss 0.00

    Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens…

  • CVE-2026-41282MedApr 20, 2026
    risk 0.19cvss 4.0epss 0.00

    ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).

  • CVE-2024-43405Sep 4, 2024
    risk 0.00cvss epss 0.01

    Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code…

  • CVE-2024-27920Mar 15, 2024
    risk 0.00cvss epss 0.00

    projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects…

  • CVE-2023-37896Aug 4, 2023
    risk 0.00cvss epss 0.01

    Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading…