Projectdiscovery Nuclei — known CVE vulnerabilities
Every CVE whose affected-product data names Projectdiscovery Nuclei, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-37896 — CVSS 7.5 (high): Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go…
CVE-2024-27920 — CVSS 7.4 (high): projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight…
CVE-2024-43405 — CVSS 7.4 (high): Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in…
CVE-2026-41646 — CVSS 5.5 (medium): Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's…
CVE-2026-41645 — CVSS 5.3 (medium): Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's…
CVE-2026-41282 — CVSS 4.0 (medium): ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against…