Skip to content

@vulnerable-apps vulnerable-apps

Change the repository type filter

All

    Repositories list

    151 repositories

    • nosql-injection-vulnapp

      Public
      NIVA is a simple web application which is intentionally vulnerable to NoSQL injection. The purpose of this project is to facilitate a better understanding of the NoSQL injection vulnerability among a wide audience of software engineers, security engineers, pentesters, and trainers.
      Java
      MIT License
      5001Updated Nov 12, 2024Nov 12, 2024

    • simple-ssrf

      Public
      Simple deliberately vulnerable API demonstrating Server-Side Request Forgery (SSRF).
      Python
      0004Updated Nov 9, 2024Nov 9, 2024

    • terragoat

      Public
      TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
      terraformtfsecsemgrep
      HCL
      Apache License 2.0
      2.4k000Updated Nov 8, 2024Nov 8, 2024

    • SSRF_Vulnerable_Lab

      Public
      This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
      PHP
      MIT License
      175000Updated Nov 8, 2024Nov 8, 2024

    • Vulnerable-JWT

      Public
      Collection of vulnerable APIs/apps to test JWT attacks
      JavaScript
      2308Updated Oct 31, 2024Oct 31, 2024

    • crazy-vulnerable-nodejs-application

      Public
      CVNA
      JavaScript
      12001Updated Oct 26, 2024Oct 26, 2024

    • yrpreyTasksNodeJS

      Public
      PHP
      1002Updated Oct 20, 2024Oct 20, 2024

    • brokencrystals-demo

      Public
      Mirror of broken crystals, but with specific dockerfiles for easy docker compose
      TypeScript
      MIT License
      1005Updated Oct 17, 2024Oct 17, 2024

    • brokencrystals

      Public
      A Broken Application - Very Vulnerable!
      TypeScript
      MIT License
      202000Updated Oct 16, 2024Oct 16, 2024

    • vuln-graphql-api

      Public
      A very vulnerable implementation of a GraphQL API.
      TypeScript
      89002Updated Oct 11, 2024Oct 11, 2024

    • Tiredful-API-py3-beta

      Public
      Python 3 compatible repo of Tiredful API
      Python
      GNU General Public License v3.0
      5001Updated Oct 9, 2024Oct 9, 2024

    • dvcsharp-api

      Public
      Damn Vulnerable C# Application (API)
      C#
      MIT License
      219000Updated Sep 28, 2024Sep 28, 2024

    • WebGoat

      Public
      WebGoat is a deliberately insecure application
      JavaScript
      Other
      5.6k000Updated Sep 28, 2024Sep 28, 2024

    • Tiredful-API

      Public
      An intentionally designed broken web application based on REST API.
      Python
      GNU General Public License v3.0
      122000Updated Sep 27, 2024Sep 27, 2024

    • vuln_node_express

      Public
      JavaScript
      346000Updated Sep 27, 2024Sep 27, 2024

    • VulnerableApp

      Public
      OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
      Java
      Apache License 2.0
      398000Updated Sep 27, 2024Sep 27, 2024

    • DVWA

      Public
      Damn Vulnerable Web Application (DVWA)
      PHP
      GNU General Public License v3.0
      3.6k100Updated Sep 27, 2024Sep 27, 2024

    • Remediation-Demo

      Public
      Python
      Apache License 2.0
      0000Updated Sep 19, 2024Sep 19, 2024

    • VulnerableCoreApp

      Public
      Mirror of https://github.com/zsusac/VulnerableCoreApp
      HTML
      0000Updated Sep 19, 2024Sep 19, 2024

    • VulnerableLightApp

      Public
      Vulnerable API for educational purposes
      C#
      GNU General Public License v3.0
      38100Updated Sep 10, 2024Sep 10, 2024

    • grpc-web-playground

      Public
      The main goal of this repo is to learn about the gRPC communication patterns and hunt for vulnerabilities in the gRPC-Web app to improve your hunting skills
      JavaScript
      MIT License
      4002Updated Aug 31, 2024Aug 31, 2024

    • xss-fastapi

      Public
      Recreation of https://xss-game.appspot.com/
      CSS
      Apache License 2.0
      2001Updated Aug 28, 2024Aug 28, 2024

    • VAmPI

      Public
      Vulnerable REST API with OWASP top 10 vulnerabilities for APIs
      flaskdocker-compose
      Python
      MIT License
      366000Updated Aug 23, 2024Aug 23, 2024

    • juice-shop

      Public
      OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
      javascriptangular
      TypeScript
      MIT License
      11k100Updated Aug 1, 2024Aug 1, 2024

    • javaspringvulny

      Public
      javaspringvulny - a Spring Boot web application built wrong on purpose
      Java
      199000Updated Jul 13, 2024Jul 13, 2024

    • railsgoat-cicd-lab

      Public
      CI/CD lab demonstrating static and dynamic security analysis of RailsGoat app
      Groovy
      MIT License
      1000Updated Jul 12, 2024Jul 12, 2024

    • YrpreyPathTraversal

      Public
      CSS
      1000Updated Jul 5, 2024Jul 5, 2024

    • ypreyAPIPython

      Public
      HTML
      2000Updated Jul 3, 2024Jul 3, 2024

    • yrpreyTasksPython

      Public
      PHP
      2000Updated Jul 2, 2024Jul 2, 2024

    • yrpreyC

      Public
      C++
      1000Updated Jul 2, 2024Jul 2, 2024