OWASP/Vulnerable-Web-Application external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

OWASP/Vulnerable-Web-Application

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/OWASP/Vulnerable-Web-Application)

Close

OWASP / Vulnerable-Web-ApplicationView on GitHubMore

• External links
• Readme badge

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

☆404Jul 10, 2024Updated last year

Alternatives and similar repositories for Vulnerable-Web-Application

Users that are interested in Vulnerable-Web-Application are comparing it to the libraries listed below

• OWASP / OWASP-VWAD

  View on GitHub
  This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
  ☆883Dec 15, 2025Updated 2 months ago
• OWASP / OWASPWebGoatPHP

  View on GitHub
  A deliberately vulnerable web application for learning web application security.
  ☆148Apr 28, 2025Updated 10 months ago
• OWASP / EnDe

  View on GitHub
  Encoder, Decoder, Converter, Calculator, TU WAS DU WILLST .. for various codings used in the wild wide web
  ☆41Jul 3, 2024Updated last year
• geeksonsecurity / vuln-web-apps

  View on GitHub
  A curated list of vulnerable web applications.
  ☆336Dec 30, 2023Updated 2 years ago
• hummingbirdscyber / Vulnerable-Web-Application

  View on GitHub
  ☆11Jan 9, 2024Updated 2 years ago
• lucideus-repo / UnSAFE_Bank

  View on GitHub
  Vulnerable Banking Suite
  ☆169Sep 29, 2025Updated 5 months ago
• vavkamil / awesome-vulnerable-apps

  View on GitHub
  Awesome Vulnerable Applications
  ☆1,368Jan 19, 2026Updated last month
• appsecco / dvja

  View on GitHub
  Damn Vulnerable Java (EE) Application
  ☆145Jan 23, 2024Updated 2 years ago
• OWASP / DVSA

  View on GitHub
  a Damn Vulnerable Serverless Application
  ☆542Sep 12, 2023Updated 2 years ago
• kaiiyer / awesome-vulnerable

  View on GitHub
  A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
  ☆1,260Jan 11, 2026Updated last month
• appsecco / sqlinjection-training-app

  View on GitHub
  A simple PHP application to learn SQL Injection detection and exploitation techniques.
  ☆127Oct 18, 2022Updated 3 years ago
• naryal2580 / vfapi

  View on GitHub
  Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
  ☆16Jan 3, 2022Updated 4 years ago
• djadmin / vulnerable-app

  View on GitHub
  A sample web application using Node.js, Express and Angular that is vulnerable to common security vulnerabilities.
  ☆10Jun 15, 2023Updated 2 years ago
• SasanLabs / VulnerableApp

  View on GitHub
  OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
  ☆363Feb 21, 2026Updated last week
• webpwnized / mutillidae

  View on GitHub
  OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…
  ☆1,469Aug 3, 2025Updated 6 months ago
• juice-shop / juice-shop-ctf

  View on GitHub
  Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
  ☆463Jan 21, 2026Updated last month
• incredibleindishell / SSRF_Vulnerable_Lab

  View on GitHub
  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
  ☆762Aug 21, 2023Updated 2 years ago
• OWASP / RiskAssessmentFramework

  View on GitHub
  The Secure Coding Framework
  ☆272Aug 18, 2020Updated 5 years ago
• sec4you / VulnLabs

  View on GitHub
  docker-compose bringing up multiple vulnerable applications inside containers.
  ☆19Jan 29, 2018Updated 8 years ago
• kushagrasarathe / beginners-resources

  View on GitHub
  This repo contains resources that a beginner would need to get started in Web application penetration testing and bug hunting.
  ☆18Jul 24, 2022Updated 3 years ago
• CSPF-Founder / JavaVulnerableLab

  View on GitHub
  Vulnerable Java based Web Application
  ☆270Jun 20, 2024Updated last year
• appsecco / VyAPI

  View on GitHub
  VyAPI - A cloud based vulnerable hybrid Android App
  ☆86Feb 21, 2020Updated 6 years ago
• m6a-UdS / ssrf-lab

  View on GitHub
  Lab for exploring SSRF vulnerabilities
  ☆247May 30, 2021Updated 4 years ago
• OWASP / SecurityShepherd

  View on GitHub
  Web and mobile application security training platform
  ☆1,425Feb 10, 2026Updated 2 weeks ago
• Mad-robot / Recon-Style

  View on GitHub
  ☆12Apr 14, 2021Updated 4 years ago
• tjunxiang92 / Android-Vulnerabilities

  View on GitHub
  Covers Top 10 OWASP Mobile Vulnerabilities
  ☆123May 23, 2024Updated last year
• stamparm / DSVW

  View on GitHub
  Damn Small Vulnerable Web
  ☆857Dec 21, 2025Updated 2 months ago
• dineshshetty / BuggyWebview

  View on GitHub
  Application for showcasing Android Deep Link and WebView Vulnerabilities
  ☆15Mar 22, 2023Updated 2 years ago
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆761Mar 27, 2024Updated last year
• incredibleindishell / sqlite-lab

  View on GitHub
  This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is f…
  ☆160Dec 9, 2021Updated 4 years ago
• TheTwitchy / vulnd_xxe

  View on GitHub
  A server vulnerable to XXE that can be used to test payloads using the xxer tool.
  ☆26Mar 29, 2018Updated 7 years ago
• cr0hn / vulnerable-node

  View on GitHub
  A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of se…
  ☆484Aug 20, 2024Updated last year
• cougarbytes / IoT-Security-Attack-Surface

  View on GitHub
  Simple mind maps for IoT security attack surfaces and methodologies
  ☆17Aug 12, 2019Updated 6 years ago
• Contrast-Security-OSS / vulnerable-spring-boot-application

  View on GitHub
  ☆15Oct 8, 2025Updated 4 months ago
• payatu / diva-android

  View on GitHub
  DIVA Android - Damn Insecure and vulnerable App for Android
  ☆1,088May 19, 2023Updated 2 years ago
• jaiswalakshansh / Vuldroid

  View on GitHub
  Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code
  ☆66Sep 18, 2021Updated 4 years ago
• blabla1337 / skf-labs

  View on GitHub
  Repo for all the SKF Docker lab examples
  ☆462Aug 2, 2024Updated last year
• ghsec / webHunt

  View on GitHub
  Web App bug hunting
  ☆578Nov 26, 2025Updated 3 months ago
• playframework / play-webgoat

  View on GitHub
  A vulnerable Play application for attackers.
  ☆18Feb 16, 2026Updated 2 weeks ago