The Nuclei Templates library is a community-driven collection of vulnerability detection templates that power Nuclei’s scanning capabilities. With thousands of templates covering CVEs, misconfigurations, and security issues, it’s the largest open-source vulnerability database.

Official template repository

The official Nuclei templates are hosted on GitHub and maintained by ProjectDiscovery and the community.

nuclei-templates

Official templates repository with 9,000+ templates

Cloud template editor

Free AI-powered template editor to create and test templates

Template categories

Templates are organized into the following main categories:
Templates for detecting known Common Vulnerabilities and Exposures (CVEs). These templates are updated regularly as new CVEs are disclosed.
Examples:
  • CVE-2021-44228 (Log4Shell)
  • CVE-2024-22120 (Blind SQL Injection)
  • CVE-2023-4173 (Reflected XSS)
Templates for detecting sensitive file disclosures, data leaks, and exposed endpoints.
Examples:
  • .git/config exposure
  • bower.json file disclosure
  • Configuration file leaks
  • Backup file exposure
Templates for identifying security misconfigurations in web applications, servers, and cloud services.
Examples:
  • Unprotected Jenkins console
  • Open S3 buckets
  • Default credentials
  • Misconfigured CORS policies
Templates organized by technology stack (WordPress, Joomla, Jenkins, etc.).
General vulnerability templates including SQL injection, XSS, RCE, and more.

Using templates

Install and update templates

Nuclei automatically downloads templates on first run. To update to the latest templates:
nuclei -update-templates

Run specific template categories

# Run all CVE templates
nuclei -u https://example.com -t http/cves/

# Run specific CVE template
nuclei -u https://example.com -t http/cves/2021/CVE-2021-44228.yaml

# Run multiple categories
nuclei -u https://example.com -t http/cves/ -t ssl

Filter by severity

# Run only critical and high severity templates
nuclei -u https://example.com -s critical,high

# Exclude info severity
nuclei -u https://example.com -es info

Filter by tags

# Run templates with specific tags
nuclei -u https://example.com -tags cve,rce

# Exclude templates with specific tags
nuclei -u https://example.com -etags dos

Template structure

All Nuclei templates follow a standard YAML structure:
id: CVE-2021-44228

info:
  name: Apache Log4j2 Remote Code Execution
  author: pdteam
  severity: critical
  description: Apache Log4j2 is vulnerable to RCE via JNDI injection
  reference:
    - https://logging.apache.org/log4j/2.x/security.html
  classification:
    cve-id: CVE-2021-44228
    cwe-id: CWE-502
  tags: cve,cve2021,rce,log4j

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    headers:
      X-Api-Version: "${jndi:ldap://{{interactsh-url}}}"
    
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"
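
The severity and tag filters shown earlier select templates by the `info` block above. The following is an added example, not code from Nuclei or ProjectDiscovery: a small Python model that reads `id`, `severity` and `tags` from template text and previews which templates a filter combination would keep. The `example-*` templates are constructed, and the filter semantics (any-of within one filter, every supplied filter must pass, excludes win) are this example's assumptions.

```python
def read_meta(text):
    """Read id, info.severity and info.tags from flat key: value lines (not a YAML parser)."""
    meta = {"id": None, "severity": "unknown", "tags": set()}  # default: this example's choice
    in_info = False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if indent == 0:
            in_info = key == "info"
            if key == "id":
                meta["id"] = value
        elif in_info and indent == 2:  # direct children of info only
            if key == "severity":
                meta["severity"] = value.lower()
            elif key == "tags":
                meta["tags"] = {t.strip().lower() for t in value.split(",") if t.strip()}
    return meta

def select(templates, severity=(), exclude_severity=(), tags=(), exclude_tags=()):
    """Assumed semantics: excludes win, any-of within a filter, all filters must pass."""
    chosen = []
    for text in templates:
        m = read_meta(text)
        if m["severity"] in exclude_severity or m["tags"] & set(exclude_tags):
            continue
        if severity and m["severity"] not in severity:
            continue
        if tags and not m["tags"] & set(tags):
            continue
        chosen.append(m["id"])
    return chosen

# Header of the template shown above, then constructed templates (example-* ids are hypothetical).
LOG4J = """id: CVE-2021-44228
info:
  severity: critical
  tags: cve,cve2021,rce,log4j
http:
"""
GIT = "id: example-git-config\ninfo:\n  severity: medium\n  tags: exposure,git\n"
DOS = "id: example-dos-check\ninfo:\n  severity: high\n  tags: cve,dos\n"
TECH = "id: example-tech-detect\ninfo:\n  severity: info\n  tags: tech\n"
TEMPLATES = [LOG4J, GIT, DOS, TECH]

if __name__ == "__main__":
    print(select(TEMPLATES, severity=("critical", "high"), exclude_tags=("dos",)))
```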

Contributing templates

ProjectDiscovery runs two programs for template contributors: Pioneers (recognition program) and Bounties (monetary rewards).
See the Contributing guide for details on how to contribute templates to the official library.

Template validation

Before submitting templates, validate them using the built-in validator:
# Validate a specific template
nuclei -validate -t path/to/template.yaml

# Validate all templates in a directory
nuclei -validate -t templates/

Community resources

Template editor

AI-powered online editor for creating templates

Discord community

Join the community for help and discussions

Template syntax

Learn the template syntax and structure

Submit bounty templates

Earn rewards for high-quality templates
