Commit 542ace6

2023-02-20 - cve update
1 parent ffb1c4d commit 542ace6

35 files changed: +6772 -29693 lines changed

README.md

Lines changed: 38 additions & 36 deletions
@@ -9,53 +9,54 @@
99
Stats 📊
1010
-------
1111

12-
**CVEs analyzed**: 71464
12+
**CVEs analyzed**: 71536
1313

14-
**CVEs missing**: 26006
14+
**CVEs missing**: 18366
1515

1616
**Dropdown by vuln type**:
1717

1818
| Type | Count | Data |
1919
| - | - | - |
20-
| XSS | 11923 | [xss.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/xss.txt) |
21-
| RCE | 5475 | [rce.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/rce.txt) |
22-
| SQL Injection | 6944 | [sqli.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/sqli.txt) |
23-
| Local File Inclusion | 149 | [lfi.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/lfi.txt) |
24-
| Server Side Request Forgery | 289 | [ssrf.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/ssrf.txt) |
25-
| Prototype Pollution | 296 | [proto-pollution.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/proto-pollution.txt) |
26-
| Request Smuggling | 104 | [req-smuggling.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/req-smuggling.txt) |
27-
| Open Redirect | 315 | [open-redirect.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/open-redirect.txt) |
28-
| XML External Entity | 474 | [xxe.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/xxe.txt) |
29-
| Server Side Template Injection | 37 | [ssti.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/ssti.txt) |
20+
| XSS | 7356 | [xss.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/xss.txt) |
21+
| RCE | 2863 | [rce.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/rce.txt) |
22+
| SQL Injection | 5066 | [sqli.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/sqli.txt) |
23+
| Local File Inclusion | 76 | [lfi.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/lfi.txt) |
24+
| Server Side Request Forgery | 145 | [ssrf.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/ssrf.txt) |
25+
| Prototype Pollution | 148 | [proto-pollution.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/proto-pollution.txt) |
26+
| Request Smuggling | 58 | [req-smuggling.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/req-smuggling.txt) |
27+
| Open Redirect | 200 | [open-redirect.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/open-redirect.txt) |
28+
| XML External Entity | 289 | [xxe.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/xxe.txt) |
29+
| Path Traversal | 2146 | [path-traversal.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/path-traversal.txt) |
30+
| Server Side Template Injection | 19 | [ssti.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/type/ssti.txt) |
3031

3132
**Dropdown by year**:
3233

3334
| Year | Count | Data |
3435
| - | - | - |
3536
| 1999 | 1 | [1999.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/1999.txt) |
3637
| 2000 | 1 | [2000.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2000.txt) |
37-
| 2001 | 0 | [2001.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2001.txt) |
38-
| 2002 | 12 | [2002.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2002.txt) |
39-
| 2003 | 21 | [2003.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2003.txt) |
40-
| 2004 | 72 | [2004.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2004.txt) |
41-
| 2005 | 270 | [2005.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2005.txt) |
42-
| 2006 | 666 | [2006.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2006.txt) |
43-
| 2007 | 705 | [2007.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2007.txt) |
44-
| 2008 | 1502 | [2008.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2008.txt) |
45-
| 2009 | 395 | [2009.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2009.txt) |
46-
| 2010 | 230 | [2010.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2010.txt) |
47-
| 2011 | 174 | [2011.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2011.txt) |
48-
| 2012 | 374 | [2012.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2012.txt) |
49-
| 2013 | 319 | [2013.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2013.txt) |
50-
| 2014 | 698 | [2014.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2014.txt) |
51-
| 2015 | 712 | [2015.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2015.txt) |
52-
| 2016 | 613 | [2016.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2016.txt) |
53-
| 2017 | 2170 | [2017.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2017.txt) |
54-
| 2018 | 3296 | [2018.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2018.txt) |
55-
| 2019 | 2560 | [2019.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2019.txt) |
56-
| 2020 | 3734 | [2020.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2020.txt) |
57-
| 2021 | 3302 | [2021.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2021.txt) |
58-
| 2022 | 4182 | [2022.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2022.txt) |
38+
| 2001 | 6 | [2001.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2001.txt) |
39+
| 2002 | 16 | [2002.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2002.txt) |
40+
| 2003 | 24 | [2003.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2003.txt) |
41+
| 2004 | 86 | [2004.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2004.txt) |
42+
| 2005 | 307 | [2005.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2005.txt) |
43+
| 2006 | 791 | [2006.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2006.txt) |
44+
| 2007 | 925 | [2007.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2007.txt) |
45+
| 2008 | 1860 | [2008.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2008.txt) |
46+
| 2009 | 512 | [2009.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2009.txt) |
47+
| 2010 | 282 | [2010.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2010.txt) |
48+
| 2011 | 203 | [2011.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2011.txt) |
49+
| 2012 | 405 | [2012.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2012.txt) |
50+
| 2013 | 358 | [2013.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2013.txt) |
51+
| 2014 | 783 | [2014.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2014.txt) |
52+
| 2015 | 793 | [2015.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2015.txt) |
53+
| 2016 | 500 | [2016.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2016.txt) |
54+
| 2017 | 1271 | [2017.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2017.txt) |
55+
| 2018 | 1812 | [2018.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2018.txt) |
56+
| 2019 | 1382 | [2019.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2019.txt) |
57+
| 2020 | 2005 | [2020.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2020.txt) |
58+
| 2021 | 1763 | [2021.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2021.txt) |
59+
| 2022 | 2280 | [2022.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2022.txt) |
5960
| 2023 | 0 | [2023.txt](https://github.com/edoardottt/missing-cve-nuclei-templates/blob/main/data/year/2023.txt) |
6061

6162
Why 🤔
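
Review bot: The Stats block drops "CVEs missing" from 26006 to 18366 while "CVEs analyzed" only moves from 71464 to 71536, and nothing in the section says why. Every existing type count falls (XSS 11923 to 7356, RCE 5475 to 2863) even though a Path Traversal row with 2146 entries is added, and the year rows move in opposite directions: 2001 through 2015 all rise, while 2016 through 2022 all fall (2017 goes from 2170 to 1271). The commit message says only "cve update", so a reader cannot tell a change in matching or filtering from a regression in the data; add one line under Stats stating what changed in the counting. Also check the 2023 row, which is left at 0 in an update dated 2023-02-20.
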
@@ -76,14 +77,15 @@ for each cve in trickest/cve:
7677
print it
7778
```
7879

79-
- Which are the "words we are looking for"? `reflected`, `rce`, `local file inclusion`, `server side request forgery`, `ssrf`, `remote code execution`, `remote command execution`, `command injection`, `code injection`, `ssti`, `template injection`, `lfi`, `xss`, `Cross-Site Scripting`, `Cross Site Scripting`, `SQL injection`, `Prototype pollution`, `XML External Entity`, `Request Smuggling`, `XXE`, `Open redirect`.
80+
- Which are the "words we are looking for"? `reflected`, `rce`, `local file inclusion`, `server side request forgery`, `ssrf`, `remote code execution`, `remote command execution`, `command injection`, `code injection`, `ssti`, `template injection`, `lfi`, `xss`, `Cross-Site Scripting`, `Cross Site Scripting`, `SQL injection`, `Prototype pollution`, `XML External Entity`, `Request Smuggling`, `XXE`, `Open redirect`, `Path Traversal` and `Directory Traversal`.
8081

81-
- This means the tracked vulnerability types are: XSS, RCE, SQL injection, Local File Inclusion, Server Side Request Forgery, Prototype Pollution, Request Smuggling, Open Redirect, XML Enternal Entity and Server Side Template Injection; but new vuln types will be supported.
82+
- This means the tracked vulnerability types are: XSS, RCE, SQL injection, Local File Inclusion, Server Side Request Forgery, Prototype Pollution, Request Smuggling, Open Redirect, XML Enternal Entity, Path Traversal and Server Side Template Injection; but new vuln types will be supported.
8283

8384
- Why there can be errors in categorizing CVEs? Because when grepping for these words there can be false positives, meaning that an XXE vulnerability can be categorized as RCE because e.g. it says "in certain situations can be escalated to rce".
8485

8586
- Why if I subtract the "CVEs missing" from the "CVEs analyzed" I don't get the exact official nuclei templates count? Because as said before the tracked vuln types are just 10 (the most famous ones), but a lot of other types are reported as well (and they will be supported).
8687

88+
- What does it mean a CVE is suitable for Nuclei? Basically a remote web or network vulnerability (e.g. a CVE on Android is not suitable).
8789

8890
Contributing 🛠
8991
-------
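
Review bot: The unchanged FAQ item on new line 86 still says "the tracked vuln types are just 10", but the rewritten list on new line 82 now names eleven types with Path Traversal added, which matches the eleven rows in the type table; update that sentence in the same commit. Since line 82 is being rewritten anyway, correct "XML Enternal Entity" to "XML External Entity" there rather than carrying the typo forward. The new item on line 88 defines "suitable for Nuclei" only as "a remote web or network vulnerability"; if this criterion is now used to filter the lists, say so explicitly, because it affects how the "CVEs missing" figure should be read.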
