这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 This repository collects all CVE exploits found on GitHub.

🚀 Free vulnerability scanner for Maven projects. Detect CVEs, track security trends, and generate comprehensive reports. Built on OWASP Dependency-Check with enterprise-grade performance.

A tool to fetch CVE and CPE data (including match criteria) from NIST's NVD API, along with CWE data from MITRE.

Burp Suite Extension with MCP Server to enhance manual application security testing

A simple Java command-line utility to mirror the entire contents of VulnDB.

Simple proof of concept of Log4Shell vulnerability in a spring boot vulnerable application environment.

A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate CVE-2021-44228 ("Log4Shell").

This repository contains a backend using Spring Boot, JPA, and H2 to manage and display over 10,000 CVE records. It fetches CVE data from a public source, stores it in H2, and provides custom endpoints with filtering by year, metric score, and last modified date. Built with MVC architecture for structured data handling and web page integration.

Analysis of vulnerabilities from security audit | CVEs

VulDB Java code to fetch data via API

JNDI-Injection-Exploit 是一个用于生成可用 JNDI 链接并提供后台服务的工具，支持启动 RMI 服务器、LDAP 服务器和 HTTP 服务器。其 RMI 和 LDAP 服务基于 marshalsec，并进行修改以与 HTTP 服务联动。

两年多以前，Chris Frohoff 和 Gabriel Lawrence 发表了关于 Java 对象反序列化漏洞的研究，这一研究最终导致 Java 历史上最大的一波远程代码执行漏洞的爆发。 后续研究表明，这些漏洞不仅限于 Java 序列化或 XStream 这样的机制，还可以应用于其他机制。

CVE-2024-4040 PoC

Java CVE Vulnerability Environment

PDoS using race condition in ActivityManager's CoreSettingsObserver

F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB

CVE-2020-13933 靶场： shiro 认证绕过漏洞

Security Research and PoC

Exploit app for CVE-2021-39670 and CVE-2021-39690, two permanent denial-of-service vulnerabilities in Android's wallpaper system

SIEGE is an automated test case generator targeting any method in the classpath