https://github.com/arall/vulnerabilities
Examples of different vulnerabilities, in a variety of languages, shapes and sizes.
- Host: GitHub
- URL: https://github.com/arall/vulnerabilities
- Owner: arall
- Created: 2020-10-09T13:58:47.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-03-07T15:36:10.000Z (about 2 years ago)
- Last Synced: 2025-09-30T09:40:36.733Z (8 months ago)
- Topics: dast, sast, security, vulnerabilities, vulnerability, vulnerable, vulnerable-app, vulnerable-application
- Language: HTML
- Size: 5.13 MB
- Stars: 29
- Watchers: 1
- Forks: 16
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Vulnerabilities
Examples of different vulnerabilities, in a variety of languages, shapes and sizes.
Useful for testing DAST and SAST tools.
# Security
If you plan to host this, make sure only /web is reachable!
# Sources
- https://rules.sonarsource.com/
- https://semgrep.dev/docs/cheat-sheets
# List of Intended vulnerabilities
## Dependencies
* go (`go.mod`)
  * grafana v8.2.3
* java
  * maven (`pom.xml`)
    * jackson-databind 2.9.2
    * log4j-core 2.10.0
* javascript
  * Static file (`jquery.min.js`)
    * jQuery v3.4.1
* nodejs
  * npm (`yarn.lock` & `package.json`)
    * tenvoy 7.0.2
  * yarn (`package-lock.json` & `package.json`)
    * tenvoy 7.0.2
* php
  * composer (`composer.lock` & `composer.json`)
    * phpmailer/phpmailer 6.4.1
    * league/flysystem 1.1.3 ("forced" inherited dependency vulnerability)
* python
  * pip (`requirements.txt`)
    * tendenci 12.0.10
## Code
TODO