#Vulnerabilities
Showing 60 of 156 repositories tagged #vulnerabilities, ranked by stars
A vulnerability scanner for container images and filesystems
OSS-Fuzz - continuous fuzzing for open source software.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Vulnerability Static Analysis for Containers
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Gather and update all available and newest CVEs with their PoC.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A static analysis security vulnerability scanner for Ruby on Rails applications
A list of web application security
Snyk CLI scans and monitors your projects for security vulnerabilities.
Scalable fuzzing infrastructure.
๐ฆ Make security testing of K8s, Docker, and Containerd easier.
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
An step by step fuzzing tutorial. A GitHub Security Lab initiative
ๅฟซ้ๆญๅปบๅ็งๆผๆด็ฏๅข(Various vulnerability environment)
Vulmap ๆฏไธๆฌพ web ๆผๆดๆซๆๅ้ช่ฏๅทฅๅ ท, ๅฏๅฏน webapps ่ฟ่กๆผๆดๆซๆ, ๅนถไธๅ ทๅคๆผๆด้ช่ฏๅ่ฝ
Awesome Node.js Security resources
Pentest Report Generator
Vulnerability Intelligence Platform
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
The Swiss Army knife for automated Web Application Testing
Examples of Solidity security issues
:new: The Multi-Tool Web Vulnerability Scanner.
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Metlo is an open-source API security platform.
safely install npm packages by auditing them pre-install stage
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
๐งต CLI tool for directly patching container images!
A service that analyzes docker images and scans for vulnerabilities
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Collection of npm package manager Security Best Practices
Automatically Collect POC or EXP from GitHub by CVE ID.
Security advisory database for Rust crates published through crates.io
Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 29 vulnerability techniques)
Open-Source Security Architecture | ๅผๆบๅฎๅ จๆถๆ
A vulnerable version of Rails that follows the OWASP Top 10
Advisories, proof of concept files and exploits that have been made public by @pedrib.
Zip Slip Vulnerability (Arbitrary file write through archive extraction)
Vulnerability (CVE) scanner for Nix/NixOS [maintainer=@henrirosten]
MCP server for AI-driven security pipelines
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
Kubernetes security notes and best practices
An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.
kernel privilege escalation enumeration and exploitation framework
Integrates Dependency-Check reports into SonarQube
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected
๐งน Cleaning up images from Kubernetes nodes
Performing security tests inside your CI
Hacker, ready for more of our story ! ๐
VULNRฮPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.