Community curated list of templates for the nuclei engine to find security vulnerabilities.
The week focused on expanding and maintaining the nuclei-templates security scanning library. New templates were added for vulnerability detection across multiple domains, including Qualys Cloud Platform login checks and DKIM selector discovery, while automated processes refreshed CVE metadata, EPSS…
Get this in your inbox every Monday →A deterministic 0–100 hygiene score — README, license, CI, tests, docs, and freshness.
Who ships this repo — author concentration and the bus factor across the last 300 mainline commits.
How welcoming this repo is to contributors — issue throughput, close time, responsiveness, and good-first-issue count.
Grounded in nuclei-templates's README, structure, and recent commits — answers won't invent code they haven't seen.
A Monday email with what shipped, in plain English — no account needed.
Cleared new additions list
Removed 74 entries from the new additions tracking file. This appears to be a housekeeping commit that clears out previously tracked new items, likely as part of a regular release or update cycle.
Add cryptographic signatures to templates
Automated signing of 300+ CVE and vulnerability template files across the repository to enhance security and integrity verification. This maintenance update applies digital signatures to test definitions without changing their functional content.
Added new CVE vulnerability record
A new CVE entry (CVE-2026-3891) for a critical file upload vulnerability in the Pix for WooCommerce plugin was added to the database. The metadata includes severity level, CVSS score, and detailed vulnerability description.
Add CVE-2026-3891 security test
Added a security vulnerability test template for CVE-2026-3891, which detects unauthenticated arbitrary file upload vulnerabilities in Pix for WooCommerce plugin versions 1.5.0 and earlier. The test verifies if an attacker can upload files without authentication, which could lead to remote code execution.
Fix WordPress trailing slash detection
Updated CVE-2026-23550 security check to properly detect vulnerable WordPress installations that redirect when a trailing slash is present in the URL path. The fix adds trailing slashes to test requests so the vulnerability scanner won't miss cases where the endpoint requires them.
Add KEV tag to CVE record
Updated a CVE-2026-39808 vulnerability record to include the KEV (Known Exploited Vulnerability) tag, marking it as a known exploited vulnerability in addition to the existing vKEV classification.
A floor, not a guess: counts only commits whose author, co-author trailer, or message explicitly credits an AI tool (Claude, Copilot, Cursor, aider, Codex…). Based on 30 mainline commits. Unattributed AI code isn't counted here — the full audit estimates that separately.