Note This repository is 100% automated so there can be errors, but in general is pretty accurate. Go to section "How it works" to understand how data is collected.
CVEs analyzed: 71453
CVEs missing: 15113
Dropdown by vuln type:
| Type | Count | Data |
|---|---|---|
| XSS | 6256 | xss.txt |
| RCE | 2861 | rce.txt |
| SQL Injection | 5060 | sqli.txt |
| Local File Inclusion | 78 | lfi.txt |
| Server Side Request Forgery | 145 | ssrf.txt |
| Prototype Pollution | 148 | proto-pollution.txt |
| Request Smuggling | 58 | req-smuggling.txt |
| Open Redirect | 200 | open-redirect.txt |
| XML External Entity | 288 | xxe.txt |
| Server Side Template Injection | 19 | ssti.txt |
Dropdown by year:
| Year | Count | Data |
|---|---|---|
| 1999 | 1 | 1999.txt |
| 2000 | 1 | 2000.txt |
| 2001 | 0 | 2001.txt |
| 2002 | 12 | 2002.txt |
| 2003 | 21 | 2003.txt |
| 2004 | 72 | 2004.txt |
| 2005 | 270 | 2005.txt |
| 2006 | 666 | 2006.txt |
| 2007 | 705 | 2007.txt |
| 2008 | 1501 | 2008.txt |
| 2009 | 394 | 2009.txt |
| 2010 | 230 | 2010.txt |
| 2011 | 174 | 2011.txt |
| 2012 | 373 | 2012.txt |
| 2013 | 317 | 2013.txt |
| 2014 | 692 | 2014.txt |
| 2015 | 711 | 2015.txt |
| 2016 | 432 | 2016.txt |
| 2017 | 1039 | 2017.txt |
| 2018 | 1502 | 2018.txt |
| 2019 | 1123 | 2019.txt |
| 2020 | 1634 | 2020.txt |
| 2021 | 1420 | 2021.txt |
| 2022 | 1823 | 2022.txt |
| 2023 | 0 | 2023.txt |
- Bug bounty: the CVE templates in the official nuclei-templates repo are completely useless for bug bounty. This because everyone is using those templates looking for low hanging fruit. Build your own templates for new (and old!) CVEs, scan all the possible targets and don't forget to share them in the official nuclei-templates repo.
- General Security: Security people can write their own templates for missing CVEs and use them to secure products during pentests, vuln assessments, red team ops and so on... every user will benefit from these actions. If they are very good security people they'll share the templates in official nuclei-templates repo helping the whole infosec community.
- Stats & Data lover: I love data and statistics and I hope people like me will enjoy.
Automated Logic:
for each cve in trickest/cve repo:
if this cve not present in nuclei-templates:
if it contains one of the words we are looking for:
if there are references:
found
-
Which are the "words we are looking for"?
reflected,rce,local file inclusion,server side request forgery,ssrf,remote code execution,remote command execution,command injection,code injection,ssti,template injection,lfi,xss,Cross-Site Scripting,Cross Site Scripting,SQL injection,Prototype pollution,XML External Entity,Request Smuggling,XXE,Open redirect. -
This means the tracked vulnerability types are: XSS, RCE, SQL injection, Local File Inclusion, Server Side Request Forgery, Prototype Pollution, Request Smuggling, Open Redirect, XML Enternal Entity and Server Side Template Injection; but new vuln types will be supported.
-
Why there can be errors in categorizing CVEs? Because when grepping for these words there can be false positives, meaning that an XXE vulnerability can be categorized as RCE because e.g. it says "in certain situations can be escalated to rce".
-
Why if I subtract the "CVEs missing" from the "CVEs analyzed" I don't get the exact official nuclei templates count? Because as said before the tracked vuln types are just 10 (the most famous ones), but a lot of other types are reported as well (and they will be supported).
Just open an issue / pull request.
This repository is under MIT License.
edoardoottavianelli.it to contact me.