Projects in Awesome Lists tagged with vulnerable-application
A curated list of projects in awesome lists tagged with vulnerable-application .
https://github.com/roottusk/vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application
Last synced: 14 May 2025
https://github.com/oversecured/ovaa
Oversecured Vulnerable Android App
android-security appsec mobile-security vulnerable-android-apps vulnerable-application
Last synced: 17 Jan 2026
https://github.com/rewanthtammana/Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application
Last synced: 08 Apr 2025
https://github.com/sasanlabs/vulnerableapp
OWASP VulnerableApp Project: Break it. Scan it. Reproduce it. Benchmark against it. Improve it.
appsec burpsuite css hacktoberfest java javascript learn-security owasp owasp-zap payload-testing practice-hacking spring-boot test-vulnerability-scanning-tools vulnerability vulnerability-scanning vulnerable-application
Last synced: 03 Jul 2026
https://github.com/SasanLabs/VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
appsec burpsuite css hacktoberfest java javascript learn-security owasp owasp-zap payload-testing practice-hacking spring-boot test-vulnerability-scanning-tools vulnerability vulnerability-scanning vulnerable-application
Last synced: 11 Jul 2025
https://github.com/logicalhacking/dvhma
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
android cordova vulnerability vulnerable-application
Last synced: 05 Oct 2025
https://github.com/logicalhacking/DVHMA
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
android cordova vulnerability vulnerable-application
Last synced: 26 Mar 2025
https://github.com/htbridge/pivaa
Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
android-application mobile-security vulnerable-application
Last synced: 26 Mar 2025
https://github.com/HTBridge/pivaa
Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
android-application mobile-security vulnerable-application
Last synced: 13 Mar 2025
https://github.com/jaiswalakshansh/Vuldroid
Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code
android-application android-security application-security deeplink vulnerable-application webview-xss
Last synced: 22 Apr 2025
https://github.com/sasanlabs/vulnerableapp-facade
VulnerableApp-facade is probably most modern lightweight distributed farm of Vulnerable Applications built for handling wide range of vulnerabilities across tech stacks.
distributed-vulnerable-application docker docker-compose gateway hacktoberfest lightweight lua nginx openresty owasp-zap proxy-server react sasanlabs typescript vulnerable-application vulnerable-web-application
Last synced: 02 Apr 2026
https://github.com/Aif4thah/VulnerableLightApp
Vulnerable API for research and education
api cybersecurity-education cybersecurity-training docker dotnet educational-project hacking hacking-challenge hacking-competitions owasp-top-10 pentest research research-and-development vulnerable vulnerable-api vulnerable-application vulnerable-server vulnerable-web-app vulnerable-web-application web-api
Last synced: 22 Apr 2025
https://github.com/arall/vulnerabilities
Examples of different vulnerabilities, in a variety of languages, shapes and sizes.
dast sast security vulnerabilities vulnerability vulnerable vulnerable-app vulnerable-application
Last synced: 22 Jan 2026
https://github.com/codingo/cracknet
A .net Crackme Challenge made for the SecTalks Brisbane 2017 Capture the Flag Event. Writeup/solution included.
capture-the-flag challenge challenges ctf ctf-challenges ctf-solutions ctf-writeups decompile ida radare2 reverse-engineering security vulnerable vulnerable-application writeup
Last synced: 16 Sep 2025
https://github.com/sec4you/vulnlabs
docker-compose bringing up multiple vulnerable applications inside containers.
docker docker-compose vulnerabilities vulnerable vulnerable-application vulnerable-container vulnerable-web-app
Last synced: 20 Jun 2025
https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application
WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk!
authentication-bypass cve-2024-10924 really-simple-security vulnerable-application wordpress
Last synced: 24 Oct 2025
https://github.com/videvelopers/vulnerable-flask-app
This is a vulnerable Flask web application designed to provide a lab environment for people who want to improve their web penetration testing skills. It includes multiple types of vulnerabilities for you to practice exploiting.
flask flask-application penetration-testing python vulnerable vulnerable-application vulnerable-flask-app
Last synced: 24 Sep 2025
https://github.com/logicalhacking/dvgm
Vulnerable Grade Management System
application-security software-security vulnerability vulnerable-application
Last synced: 10 Aug 2025
https://github.com/m3ssap0/wordpress-jetpack-broken-access-control-vulnerable-application
WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk!
broken-access-control cve-2024-9926 jetpack vulnerable-application wordpress
Last synced: 25 Jan 2026
https://github.com/m3ssap0/cacti-rce-cve-2022-46169-vulnerable-application
WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2022-46169). Run it at your own risk!
cacti command-injection cve-2022-46169 rce vulnerable-application
Last synced: 13 May 2026
https://github.com/deemoun/vulnerable-bank-app-demo
Intentionally Vulnerable Demo bank app for security analysts and Test Engineers
cybersecurity-education qaengineer testautomation vulnerable-application
Last synced: 08 Jun 2026
https://github.com/dr34mhacks/operation-file-hunt
A vulnerable lab for understanding difference between LFI and File Retrieval
lfi lfi-exploitation rce vulnerable-application
Last synced: 30 Apr 2026
https://github.com/hitman472005/security-project
🔒 Build a secure application with robust authentication and authorization using Spring Boot and Angular, ensuring safe user roles and access control.
apple documentation-portal hacking hacktoberfest jwt linux network-programming owasp owasp-zap practice-hacking programming project security spring-boot spring-security spring-security-oauth2 vulnerable-application zsh
Last synced: 04 May 2026
https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application
WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2023-39362). Run it at your own risk!
cacti command-injection cve-2023-39362 rce vulnerable-application
Last synced: 30 Aug 2025