{"id":26045109,"url":"https://github.com/fandigunawan/vulnerable-flask-application","last_synced_at":"2026-04-18T12:03:56.436Z","repository":{"id":280105780,"uuid":"940992911","full_name":"fandigunawan/vulnerable-flask-application","owner":"fandigunawan","description":"A vulnerable Python Flask application for OWASP TOP 10 vulnerabilities demo","archived":false,"fork":false,"pushed_at":"2025-03-01T14:39:19.000Z","size":18,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-25T22:32:50.249Z","etag":null,"topics":["flask","owasp","owasp-top-10","python","vulnerable-web-app"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fandigunawan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-01T08:12:21.000Z","updated_at":"2025-03-02T07:10:09.000Z","dependencies_parsed_at":"2025-03-01T09:39:17.801Z","dependency_job_id":null,"html_url":"https://github.com/fandigunawan/vulnerable-flask-application","commit_stats":null,"previous_names":["fandigunawan/vulnerable-flask-application"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fandigunawan/vulnerable-flask-application","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fandigunawan%2Fvulnerable-flask-application","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fandigunawan%2Fvulnerable-flask-application/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ories/fandigunawan%2Fvulnerable-flask-application/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fandigunawan%2Fvulnerable-flask-application/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fandigunawan","download_url":"https://codeload.github.com/fandigunawan/vulnerable-flask-application/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fandigunawan%2Fvulnerable-flask-application/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31967993,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flask","owasp","owasp-top-10","python","vulnerable-web-app"],"created_at":"2025-03-07T19:31:36.540Z","updated_at":"2026-04-18T12:03:56.406Z","avatar_url":"https://github.com/fandigunawan.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vulnerable Flask Application\n\n**WARNING: This application contains intentional security vulnerabilities!**\n\nThis is a deliberately vulnerable Flask application that demonstrates the OWASP Top 10 web application security risks. 
It is intended for educational purposes only, to help developers understand common security vulnerabilities and how to prevent them.\n\n## OWASP Top 10 Vulnerabilities Demonstrated\n\n1. **Broken Access Control** - Missing authentication checks, insecure direct object references\n2. **Cryptographic Failures** - Storing passwords in plaintext, weak encryption\n3. **Injection** - SQL injection, command injection\n4. **Insecure Design** - Weak password reset functionality\n5. **Security Misconfiguration** - Debug information exposure\n6. **Vulnerable and Outdated Components** - Using outdated libraries\n7. **Identification and Authentication Failures** - Weak password policies, no account lockout\n8. **Software and Data Integrity Failures** - Insecure deserialization\n9. **Security Logging and Monitoring Failures** - Insufficient logging\n10. **Server-Side Request Forgery (SSRF)** - Unvalidated URL fetching\n\n## Setup Instructions\n\n0. Install Python 3.8.* (old and unsupported Python version).\\\nUse pyenv and venv to prevent this obsolete version from ruining your computer.\n1. Install the required dependencies:\n   ```\n   pip install -r requirements.txt\n   ```\n\n2. Run the application:\n   ```\n   python app.py\n   ```\n\n3. 
Access the application at http://127.0.0.1:5000\n\n## Default Credentials\n\n- Username: admin\n- Password: admin123\n\n## Educational Purpose\n\nThis application is designed for:\n- Security training\n- Learning about web vulnerabilities\n- Understanding how to fix security issues\n- Practicing security testing techniques\n\n## DO NOT USE IN PRODUCTION\n\nThis application is intentionally insecure and should never be deployed in a production environment or exposed to the public internet.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffandigunawan%2Fvulnerable-flask-application","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffandigunawan%2Fvulnerable-flask-application","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffandigunawan%2Fvulnerable-flask-application/lists"}