Top 137 vulnerabilities open source projects

Awesome Buggy Erc20 Tokens
A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected
Securityexploits
This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits
Insecureprogramming
mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/
Vulnerability Rating Taxonomy
Bugcrowd’s baseline priority ratings for common security vulnerabilities
Cve Bin Tool
This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.
Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Vulnerable Kext
A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Dasp
The Decentralized Application Security Project
Mysapadventures
A quick methodology on testing / hacking SAP Applications for n00bz and bug bounty hunters
Laravel Security Checker
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
Vulnix
Vulnerability (CVE) scanner for Nix/NixOS.
0days In The Wild
Repository for information about 0-days exploited in-the-wild.
Vulncost
Find security vulnerabilities in open source npm packages while you code
Awesome Vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Security Advisories
A database of PHP security advisories
Vuln Web Apps
A curated list of vulnerable web applications.
Is Website Vulnerable
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Pakuri
Penetration test Achieve Knowledge Unite Rapid Interface
Docker Vulnerable Dvwa
Damn Vulnerable Web Application Docker container
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Poc Exploits
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
Nodegoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
S2e
S2E: A platform for multi-path program analysis with selective symbolic execution.
Cvebase.com
cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs
Thoron
Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Vwgen
Vulnerable Web applications Generator
Anchore Engine
A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
Openvulnapi
Documentation and Tools for Cisco's PSIRT openVuln API
Hacker ezines
A collection of electronic hacker magazines carefully curated over the years from multiple sources
Vulmap
Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also has vulnerability exploitation capability
Jaeles
The Swiss Army knife for automated Web Application Testing
Clair
Vulnerability Static Analysis for Containers
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Bugrequest
Sniffs vulnerabilities in HTTP requests (Chrome extension)
Dagda
a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Hacker Roadmap
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Oss Fuzz
OSS-Fuzz - continuous fuzzing for open source software.
Not So Smart Contracts
Examples of Solidity security issues
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
1-60 of 137 vulnerabilities projects