Community curated list of templates for the nuclei engine to find security vulnerabilities.
12.6k
Stars
3.6k
Forks
136
Open issues
30
Contributors
AI Analysis
Nuclei Templates is a community-curated repository of security scanning templates for the Nuclei engine, a vulnerability detection tool used by security researchers and bug bounty hunters. It provides pre-built templates for identifying known vulnerabilities, CVEs, and security misconfigurations across web applications, cloud infrastructure, and network services. The project is purpose-built for security professionals who need rapid vulnerability assessment capabilities rather than general-pu...
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
12,000+ community-built templates powering nuclei's vulnerability scanning engine
nuclei-templates is the community-maintained content library for the nuclei scanner, providing YAML-based detection templates for security vulnerabilities across web apps, cloud infrastructure, network services, and more. It serves penetration testers, bug bounty hunters, red teams, and security engineers who use nuclei to automate vulnerability discovery at scale. With nearly 12,000 templates covering 3,587 CVEs and 1,496 actively exploited vulnerabilities (KEV), it is the primary reason nuclei has become a staple in offensive security workflows.
Created in April 2020 alongside the nuclei scanner by ProjectDiscovery. Grew from a small internal template set into a community-driven repository with hundreds of contributors, becoming the de facto template source for nuclei users within two years of launch.
Growth was driven primarily by the nuclei engine's rapid adoption in the bug bounty and penetration testing communities, where reusable, shareable templates provided immediate practical value. CISA KEV coverage and high-profile CVE templates attracted enterprise security teams. Community contribution culture — with clear templates for submissions — sustained momentum as the template count scaled to nearly 12,000.
Nuclei itself has 29,000+ stars and is widely documented in use by bug bounty platforms (HackerOne, Bugcrowd workflows), enterprise security teams, and government agencies referencing CISA KEV coverage. The template repository's 3,530 forks and active Discord community provide indirect but credible evidence of broad real-world usage.
Appears to be a flat-to-hierarchical collection of YAML template files organized by category (http, cloud, file, network, code, dast, dns, ssl, workflows). Based on README, templates are declarative definitions consumed by the nuclei engine rather than executable code. The repository itself is content, not a software application.
Not documented in README. ProjectDiscovery likely validates templates through their own CI pipeline, but no explicit test coverage metrics or framework is described in the README.
Exceptionally active as of June 21, 2026 — last push was the same day as the evaluation date (2026-06-21 05:03:44). With 873 directories and 11,997 files, the repository is continuously updated. This indicates daily or near-daily contributions from maintainers and community members.
ADOPT IF: you are using nuclei for penetration testing, bug bounty hunting, or automated vulnerability scanning — the templates are a required component, not optional. AVOID IF: you need a standalone vulnerability scanner without building expertise in the nuclei ecosystem; the templates have no value outside of the nuclei engine. MONITOR IF: you are a defensive security team evaluating nuclei for continuous attack surface monitoring, as template quality and false positive rates vary across the community-contributed set.
Independent dimensions
Mainstream potential
7/10
Technical importance
8/10
Adoption evidence
8/10
- Template quality is uneven across the community-contributed set — some templates may produce false positives or be poorly scoped, requiring user-side validation before use in sensitive environments.
- The repository is tightly coupled to the nuclei engine; breaking changes in nuclei's template syntax can render older templates non-functional, creating maintenance debt across nearly 12,000 files.
- Malicious or overly aggressive templates could be submitted by community contributors before maintainer review catches them, creating potential for unintended harm if templates are run without review.
- Coverage depth is high for web/HTTP vectors but thinner for some cloud-native and emerging attack surfaces; users may find gaps in specialized domains.
- Organizational dependency risk: ProjectDiscovery is a venture-backed company; changes in business model or priorities could affect the open contribution model or template update cadence.
The template library will likely continue growing steadily as nuclei adoption expands into enterprise security toolchains and CI/CD pipelines, with KEV coverage becoming an increasingly cited metric for enterprise buyers.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- JavaScript
- License
- MIT
- Last updated
- 8h ago
- Created
- 76mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Top contributors
Similar repos
topscoder/nuclei-wordfence-cve
A specialized security tool that provides 77,335 Nuclei vulnerability scanning...
adysec/nuclei_poc
Nuclei POC is a centralized repository that aggregates, categorizes, and...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
12.6k | +30 | JavaScript | 8/10 | 8h ago |
|
|
29.6k | — | Go | 8/10 | 3d ago |
|
|
1.3k | — | Python | 8/10 | 1d ago |
|
|
1k | — | Go | 7/10 | 1mo ago |
|
|
2.1k | — | — | 7/10 | 13h ago |
|
|
2.6k | — | Go | 8/10 | 1d ago |
A reference payload collection for manual testing, not tied to an automated scanner. Complementary rather than competing — nuclei-templates is machine-executable, PayloadsAllTheThings is human-referenced.
Metasploit modules are exploitation-focused and require deeper interaction; nuclei-templates are detection/discovery focused and designed for high-speed, low-noise scanning at scale. Different operational phase.
Burp's BCheck templates are a newer community format tied to a commercial tool. nuclei-templates has a larger existing library and wider community; BChecks are more tightly integrated with Burp's interactive proxy workflow.
NASL plugins are mature and enterprise-oriented but harder to write and contribute to. nuclei templates use simpler YAML syntax, lowering the contribution barrier significantly.
reconftw is a full recon automation framework that consumes nuclei-templates as a dependency rather than competing with it. They operate at different abstraction levels.