tdcoming's Stars
mybatis/mybatis-3
MyBatis SQL mapper framework for Java
JoyChou93/java-sec-code
Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security
OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets
christophetd/log4shell-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
payatu/diva-android
DIVA Android - Damn Insecure and vulnerable App for Android
PortSwigger/backslash-powered-scanner
Finds unknown classes of injection vulnerabilities
eclipse/steady
Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
burpheart/CVE-2022-39197-patch
CVE-2022-39197 Vulnerability Patch.
SasanLabs/VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
psiinon/bodgeit
The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
CSPF-Founder/JavaVulnerableLab
Vulnerable Java based Web Application
eelyvy/log4jshell-pdf
The purpose of this project is to demonstrate the Log4Shell exploit with Log4J vulnerabilities using PDF as delivery channel
MagicZer0/fastjson-rce-exploit
exploit for fastjson remote code execution vulnerability
dogangcr/vulnerable-sso
vulnerable single sign on
jeremylong/Open-Vulnerability-Project
Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnerabilities, etc.)
veracode-research/actuator-testbed
A vulnerable application exposing Spring Boot Actuators
simonis/Log4jPatch
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process
QAX-A-Team/SerialWriter
SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.
cn-panda/logbackRceDemo
The project is a simple vulnerability demo environment written with SpringBoot. Here, I deliberately wrote a vulnerable environment with arbitrary file uploads, and then use the `scan` attribute in the logback configuration file together with the logback vulnerability to achieve RCE.
tsug0d/LearnJavaVulnerability
Things that help you get started with Java vulnerabilities
votd/vulnerability-of-the-day
A pedagogically-curated collection of vulnerability demonstrations for undergraduate software engineering students.
SecCoder-Security-Lab/jdbc-sqlxml-xxe
h2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction.
jbaines-r7/spring4shell_vulnapp
Intentionally Vulnerable to Spring4Shell
electricalwind/data7
A vulnerability patch gathering tool
angels520/vulnerable-JAVA
A Java-based vulnerability testing environment, including SQL injection, CSRF, arbitrary file upload, privilege escalation, and more
terracotta-bank/terracotta-bank
An intentionally-vulnerable web application, ported from https://github.com/jzheaux/terracotta-bank-spring
CSPF-Founder/VulnerableSpring
Vulnerable Java based Web Application
rafaelrpinto/VulnerableJavaWebApplication
A Java Web Application with common legacy security flaws for tests with Arachni Scanner and ModSecurity
zhzhdoai/Struts2_Vuln
Analysis and reproduction of historical Struts2 vulnerabilities
yu4hao4/java-bug
Reproduction of Java-related vulnerabilities