A curated collection of FOSS projects which are intentionally made to be vulnerable.
This collection began by filtering OWASP-VWAD for 'offline' projects and for those with an obvious Git URL available. Further filtering removed dead links, and some manual editing followed to improve the results.
To be included in this database, all links must adhere to the following:
- Be Free Open Source Software (FOSS)
- Include a license file
- Links must point to a source code repository with actual source code
- Vulnerabilities must be present at rest (i.e., they do not require execution)
- Tiny repositories are not included
Apache-2.0