The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
-
Updated
Feb 5, 2026 - JavaScript
#
vulnerable-web-app
Here are 7 public repositories matching this topic...
Zero trust. Zero security. Total exposure. A deliberately vulnerable health tech platform with AI Chatbot for learning about application security and ethical hacking. It contains vulnerabilities from OWASP top 10 Web, API and AI/LLM Security Vulnerabilities. Highly vulnerable, never use in production.
-
Updated
Jun 15, 2025 - JavaScript
SSJS Web Shell Injection Case
-
Updated
Nov 4, 2019 - JavaScript
⛔️deprecated and replaced by https://github.com/marmicode/websheep
-
Updated
Nov 13, 2019 - JavaScript
mini-juice-shop
-
Updated
Sep 11, 2025 - JavaScript
An intentionally vulnerable web application built with React & Node.js for cybersecurity education, penetration testing practice, and security scanner development.
-
Updated
Dec 9, 2025 - JavaScript
Web Apps // Web Dev Projects // Intermediate Learning Web Apps
-
Updated
Aug 4, 2021 - JavaScript
Improve this page
Add a description, image, and links to the vulnerable-web-app topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the vulnerable-web-app topic, visit your repo's landing page and select "manage topics."