diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml
index 8efec98d89..4debdc68b3 100644
--- a/file/python/python-scanner.yaml
+++ b/file/python/python-scanner.yaml
@@ -4,7 +4,7 @@ info:
 name: Python Scanner
 author: majidmc2
 severity: info
- description: Indicators for dangerous Python functions
+ description: Nuclei template to detect potentially dangerous Python functions in Python files. The template checks for functions that could lead to code injection, command injection, loading untrusted data, and SQL injection vulnerabilities.
 reference:
 - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
 - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
@@ -21,26 +21,38 @@ file:
 - 'exec'
 - 'eval'
 - '__import__'
-
+ - 'execfile'
+
 - type: regex
 name: command-injection
 regex:
 - 'subprocess.call\(.*shell=True.*\)'
 - 'os.system'
- - 'os.popen'
+ - 'os.popen\d?'
+ - 'subprocess.run'
+ - 'commands.getoutput'
 
 - type: regex
 name: untrusted-source
 regex:
- - 'pickle.loads'
- - 'cPickle.loads'
+ - 'pickle\.loads'
+ - 'c?Pickle\.loads?'
+ - 'marshal\.loads'
+ - 'pickle\.Unpickler
 
 - type: regex
 name: dangerous-yaml
 regex:
- - 'yaml.load'
+ regex:
+ - 'yaml\.load'
+ - 'yaml\.safe_load'
 
 - type: regex
 name: sqli
 regex:
- - 'cursor.execute'
\ No newline at end of file
+ regex:
+ - 'cursor\.execute'
+ - 'sqlite3\.execute'
+ - 'MySQLdb\.execute'
+ - 'psycopg2\.execute'
+ - 'cx_Oracle\.execute'
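Review bot: The new side of the second hunk is not loadable YAML: in the `dangerous-yaml` and `sqli` matchers the existing `regex:` line is kept as context and a second `+ regex:` is added beneath it, so each mapping carries a duplicate key (strict parsers reject this, lenient ones silently keep only the second), and `+ - 'pickle\.Unpickler` has no closing quote, so the single-quoted scalar runs on into the following lines. The fix is to mark the original `regex:` lines as removed rather than context and to close the quote, `- 'pickle\.Unpickler'`. Separately, adding `yaml\.safe_load` to `dangerous-yaml` flags the safe API and will produce false positives, and `yaml\.load` already matches `yaml.load`/`yaml.load_all`, so I would drop the `yaml\.safe_load` entry. The new `sqlite3\.execute`, `MySQLdb\.execute`, `psycopg2\.execute` and `cx_Oracle\.execute` patterns look like they can never match, since as far as I know these libraries expose `execute` on connection/cursor objects rather than as module-level functions; a single `\.execute(many)?\(` pattern would be more useful than the variable-name check `cursor\.execute`, with the caveat that a hit only says a query is executed and a reviewer still has to confirm it is built from untrusted input. The `command-injection` block also still uses unescaped dots (`os.system`, `subprocess.run`, `commands.getoutput`) while the other blocks now escape them; writing them as `os\.system` etc. would keep the entries consistent.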