Skip to content

Navigation Menu

Appearance settings

vulnerable-code

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

Vulnerable Code

Daily-updated repository of vulnerable code for benchmarking security tools and applications.

4 followers
https://www.secologist.com/
https://github.com/secologist/
github@secologist.com

Overview
Repositories
Projects
Packages
People

More

Overview
Repositories
Projects
Packages
People

Pinned Loading

sync-forked-repositories sync-forked-repositories Public

An scheduler to sync all forked repositories daily

1

Repositories

Loading

Type

Select type

All Public Sources Forks Archived Mirrors Templates

Language

Select language

All Bicep C C# C++ CSS Dockerfile Go HCL HTML Java JavaScript Kotlin PHP Python Ruby Rust Scala SCSS Shell Solidity Starlark TypeScript

Sort

Select order

Last updated Name Stars

Showing 10 of 113 repositories

supplygoat Public Forked from guyeisenkot/supplygoat
"Vulnerable by Design" supply chain is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

vulnerable-code/supplygoat’s past year of commit activity

HCL 0 Apache-2.0 281 0 10 Updated Aug 7, 2025
NodeGoat Public Forked from OWASP/NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

vulnerable-code/NodeGoat’s past year of commit activity

HTML 0 Apache-2.0 2,013 0 3 Updated Aug 7, 2025
wrongsecrets Public Forked from OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets

vulnerable-code/wrongsecrets’s past year of commit activity

Java 0 AGPL-3.0 474 0 5 Updated Aug 6, 2025
kubernetes-goat Public Forked from madhuakula/kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

vulnerable-code/kubernetes-goat’s past year of commit activity

HTML 0 MIT 919 0 5 Updated Aug 5, 2025
Vulnerable-OAuth-2.0-Applications Public Forked from koenbuyens/Vulnerable-OAuth-2.0-Applications
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.

vulnerable-code/Vulnerable-OAuth-2.0-Applications’s past year of commit activity

JavaScript 0 79 0 3 Updated Jul 22, 2025
shiftleft-js-demo Public Forked from ShiftLeftSecurity/shiftleft-js-demo

vulnerable-code/shiftleft-js-demo’s past year of commit activity

JavaScript 0 Apache-2.0 444 0 3 Updated Jul 22, 2025
Goatlin Public Forked from Checkmarx/Goatlin
(aka Kotlin Goat) - an intentionally vulnerable Kotlin application

vulnerable-code/Goatlin’s past year of commit activity

Kotlin 0 GPL-3.0 159 0 1 Updated Jul 18, 2025
java-sec-code Public Forked from JoyChou93/java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security

vulnerable-code/java-sec-code’s past year of commit activity

Java 0 740 0 3 Updated Jun 27, 2025
damn-vulnerable-defi Public Forked from OpenZeppelin/damn-vulnerable-defi

vulnerable-code/damn-vulnerable-defi’s past year of commit activity

Solidity 0 MIT 1,386 0 2 Updated Jun 24, 2025
Damn-Vulnerable-GraphQL-Application Public Forked from dolevf/Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

vulnerable-code/Damn-Vulnerable-GraphQL-Application’s past year of commit activity

JavaScript 0 MIT 346 0 4 Updated Jun 18, 2025

View all repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Uh oh!

There was an error while loading. Please reload this page.

Most used topics

Loading…

Uh oh!

There was an error while loading. Please reload this page.

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.