An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with vulnerable-application

A curated list of projects in awesome lists tagged with vulnerable-application .

https://github.com/roottusk/vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application

Last synced: 14 May 2025

https://github.com/rewanthtammana/Damn-Vulnerable-Bank

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application

Last synced: 08 Apr 2025

https://github.com/logicalhacking/dvhma

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

android cordova vulnerability vulnerable-application

Last synced: 05 Oct 2025

https://github.com/logicalhacking/DVHMA

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

android cordova vulnerability vulnerable-application

Last synced: 26 Mar 2025

https://github.com/htbridge/pivaa

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

android-application mobile-security vulnerable-application

Last synced: 26 Mar 2025

https://github.com/HTBridge/pivaa

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

android-application mobile-security vulnerable-application

Last synced: 13 Mar 2025

https://github.com/jaiswalakshansh/Vuldroid

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

android-application android-security application-security deeplink vulnerable-application webview-xss

Last synced: 22 Apr 2025

https://github.com/sasanlabs/vulnerableapp-facade

VulnerableApp-facade is probably most modern lightweight distributed farm of Vulnerable Applications built for handling wide range of vulnerabilities across tech stacks.

distributed-vulnerable-application docker docker-compose gateway hacktoberfest lightweight lua nginx openresty owasp-zap proxy-server react sasanlabs typescript vulnerable-application vulnerable-web-application

Last synced: 02 Apr 2026

https://github.com/arall/vulnerabilities

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

dast sast security vulnerabilities vulnerability vulnerable vulnerable-app vulnerable-application

Last synced: 22 Jan 2026

https://github.com/codingo/cracknet

A .net Crackme Challenge made for the SecTalks Brisbane 2017 Capture the Flag Event. Writeup/solution included.

capture-the-flag challenge challenges ctf ctf-challenges ctf-solutions ctf-writeups decompile ida radare2 reverse-engineering security vulnerable vulnerable-application writeup

Last synced: 16 Sep 2025

https://github.com/sec4you/vulnlabs

docker-compose bringing up multiple vulnerable applications inside containers.

docker docker-compose vulnerabilities vulnerable vulnerable-application vulnerable-container vulnerable-web-app

Last synced: 20 Jun 2025

https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application

WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk!

authentication-bypass cve-2024-10924 really-simple-security vulnerable-application wordpress

Last synced: 24 Oct 2025

https://github.com/videvelopers/vulnerable-flask-app

This is a vulnerable Flask web application designed to provide a lab environment for people who want to improve their web penetration testing skills. It includes multiple types of vulnerabilities for you to practice exploiting.

flask flask-application penetration-testing python vulnerable vulnerable-application vulnerable-flask-app

Last synced: 24 Sep 2025

https://github.com/anir0y/vwa_docker

vulnerable web application

vulnerable-application

Last synced: 17 Jan 2026

https://github.com/m3ssap0/wordpress-jetpack-broken-access-control-vulnerable-application

WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk!

broken-access-control cve-2024-9926 jetpack vulnerable-application wordpress

Last synced: 25 Jan 2026

https://github.com/m3ssap0/cacti-rce-cve-2022-46169-vulnerable-application

WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2022-46169). Run it at your own risk!

cacti command-injection cve-2022-46169 rce vulnerable-application

Last synced: 13 May 2026

https://github.com/deemoun/vulnerable-bank-app-demo

Intentionally Vulnerable Demo bank app for security analysts and Test Engineers

cybersecurity-education qaengineer testautomation vulnerable-application

Last synced: 08 Jun 2026

https://github.com/dr34mhacks/operation-file-hunt

A vulnerable lab for understanding difference between LFI and File Retrieval

lfi lfi-exploitation rce vulnerable-application

Last synced: 30 Apr 2026

https://github.com/hitman472005/security-project

🔒 Build a secure application with robust authentication and authorization using Spring Boot and Angular, ensuring safe user roles and access control.

apple documentation-portal hacking hacktoberfest jwt linux network-programming owasp owasp-zap practice-hacking programming project security spring-boot spring-security spring-security-oauth2 vulnerable-application zsh

Last synced: 04 May 2026

https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application

WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2023-39362). Run it at your own risk!

cacti command-injection cve-2023-39362 rce vulnerable-application

Last synced: 30 Aug 2025