The nuclei-templates repository is a community-curated collection of templates designed for the nuclei vulnerability scanning engine. These templates form the core detection logic that powers the nuclei scanner, enabling security researchers and penetration testers to identify security vulnerabilities in applications. The repository serves as a centralized hub where both the Project Discovery team and the broader security community contribute detection templates that can be executed against target systems.
The repository contains 11,997 files organized across 873 directories, with templates written primarily in JavaScript. The collection encompasses a diverse range of vulnerability detection capabilities, including CVE-based exploits, web application vulnerabilities, cloud misconfigurations, and OSINT reconnaissance templates. The template library includes 6,468 templates tagged with general vulnerability detection, 3,587 CVE-specific templates, 3,265 discovery-focused templates, and specialized templates for common vulnerability types such as cross-site scripting (1,269 templates), WordPress vulnerabilities (1,261 templates), and exposed panels (1,365 templates).
A significant focus of the repository is coverage of known exploited vulnerabilities. The templates provide detection for 454 vulnerabilities from the CISA Known Exploited Vulnerabilities catalog and 1,449 vulnerabilities from the VulnCheck KEV database, with 407 templates covering vulnerabilities present in both sources. This represents 1,496 unique templates targeting actively exploited vulnerabilities in the wild, allowing security teams to prioritize scanning efforts against threats with demonstrated real-world exploitation.
The repository demonstrates substantial community engagement and active maintenance. GitGenius tracking data shows a median issue and pull request response latency of 0.0 hours, indicating rapid triage and feedback cycles. The most active labels tracked include Done (320 items), Bounty (194 items), and template-contribution (190 items), reflecting both completed work and ongoing community contributions. The core contributor base includes DhiyaneshGeek with 979 tracked events, princechaddha with 803 events, and ritikchaddha with 355 events, demonstrating concentrated expertise in template development and curation.
The repository's contributor network extends beyond its immediate scope, with overlapping contributors shared with major projects including Microsoft's VSCode and TypeScript repositories as well as the Rust language project. This cross-pollination suggests that nuclei-templates attracts security-focused developers with broader software engineering expertise.
Templates are organized by severity levels, with 4,353 informational templates, 2,552 high-severity templates, 2,457 medium-severity templates, and 1,555 critical-severity templates. The majority of templates target HTTP-based vulnerabilities (9,281 templates), with additional coverage for cloud infrastructure (659 templates), network-level issues (259 templates), and code-level vulnerabilities (251 templates). The repository actively encourages community participation through pull requests and GitHub issues, with dedicated templates for feature requests and bug reports, supported by an active Discord community and Twitter presence for ongoing engagement and updates.