🌐
GitHub
github.com › dehvCurtis › vulnerable-code-examples
GitHub - dehvCurtis/vulnerable-code-examples: This repo provides vulnerable code examples · GitHub
This repo contains a variety of code samples of vulnerability, dependency and risk.
Starred by 16 users
Forked by 72 users
Languages   Python 33.3% | PHP 11.6% | HCL 11.5% | C# 11.1% | TypeScript 10.2% | JavaScript 9.1%
🌐
We Live Security
welivesecurity.com › 2017 › 01 › 30 › examples-vulnerable-code-find
Some examples of vulnerable code and how to find them
January 30, 2017 - As you can imagine, it’s very unusual these days for such vulnerabilities to be found in open-source applications; and, where they do exist, they are quickly corrected. When the indexes or cut conditions in iterative loops are badly programmed, it can result in more bytes being copied than was intended: either one byte (off-by-one) or several (off-by-a-few). Take, for example, this old version of the OpenBSD FTP daemon: While the purpose of the code is to reserve one byte for the null character at the end of the string, when the size of name is equal to or greater than npath, and the last byte to be copied is “ (double quotation mark), we can see that the index i increases by more in the highlighted command.
🌐
Reddit
reddit.com › r/cybersecurity › looking for vulnerable code example site
r/cybersecurity on Reddit: Looking for Vulnerable Code Example Site
January 15, 2025 -

I'm going kind of nuts at this point.

I found a website yesterday that has a list of programming languages, and within each language there is an example set of vulnerable code along with how it should be fixed in order to make it secure.

But, for the life of me, I cannot seem to find it again. I've been searching for the past couple hours and 80% of the stuff I see is basically just articles that loosely cover the topic without any real examples of what that insecure code looks like. Does anyone happen to know what site I'm describing?

🌐
Madhuselvarajj
madhuselvarajj.github.io › IoTCodeWeaknessStackExchange
Examples of Vulnerable Code Snippets and their Solutions
This code attempts to access memory in the variable fifo_buffer at a location that is larger than its size.
🌐
GitHub
github.com › yeswehack › vulnerable-code-snippets
GitHub - yeswehack/vulnerable-code-snippets: Twitter vulnerable snippets · GitHub
The filter protection does not filter all special characters that can be used to exploit the vulnerabilities ... The filter provided by the PHP function "preg_replace()" is limited to filtering only the first 10 characters ... An attacker can gain access to sensitive data from other users by performing a Forced browsing attack ... No proper character escaping or filter verification. The include() function executes all PHP code in the given file, no matter the file extension, resulting in code injection
Starred by 1.1K users
Forked by 201 users
Languages   PHP 45.2% | Python 14.6% | Dockerfile 12.8% | HTML 12.7% | CSS 5.9% | JavaScript 5.2%
🌐
GitHub
github.com › snoopysecurity › Broken-Vulnerable-Code-Snippets
GitHub - snoopysecurity/Broken-Vulnerable-Code-Snippets: A small collection of vulnerable code snippets · GitHub
A collection of vulnerable code snippets taken from around the internet. Snippets taken from various blog posts, books, resources etc.
Starred by 794 users
Forked by 793 users
Languages   PHP 34.4% | JavaScript 16.8% | C# 14.4% | C 12.5% | Python 11.0% | Java 6.2%
🌐
Reddit
reddit.com › r/netsec › collection of vulnerable code snippets (updated every friday)
r/netsec on Reddit: Collection of vulnerable code snippets (updated every friday)
November 18, 2022 -

This GitHub repository contains several different code snippet vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels! Hope you will like it 🤘

🌐
GitHub
github.com › snoopysecurity › Broken-Vulnerable-Code-Snippets › blob › master › SQL Injection › example.java
Broken-Vulnerable-Code-Snippets/SQL Injection/example.java at master · snoopysecurity/Broken-Vulnerable-Code-Snippets
March 23, 2025 - A small collection of vulnerable code snippets. Contribute to snoopysecurity/Broken-Vulnerable-Code-Snippets development by creating an account on GitHub.
Author   snoopysecurity
🌐
CodeSandbox
codesandbox.io › p › github › Undead34 › vulnerable-code-examples
vulnerable-code-examples
CodeSandbox is a cloud development platform that empowers developers to code, collaborate and ship projects of any size from any device in record time.
🌐
ResearchGate
researchgate.net › figure › Example-of-vulnerable-code-that-can-be-exploited-by-Code-Injection-Attack_fig3_343512012
Example of vulnerable code that can be exploited by Code Injection Attack. | Download Scientific Diagram
Download scientific diagram | Example of vulnerable code that can be exploited by Code Injection Attack. from publication: Web Application Vulnerability Detection Using Taint Analysis and Black-box Testing | Web applications continue to grow however web attacks are also increasing, this shows an increase in web application vulnerabilities.
🌐
Kratikal
kratikal.com › home › posts › 5 critical code vulnerabilities to avoid at all cost
5 Critical Code Vulnerabilities To Avoid At All Cost
December 20, 2021 - Referring to the improper neutralization of directives in dynamically evaluated code, Eval Injection is one of the most critical code vulnerabilities that occurs when a malicious actor can control a part of or all of an input string fed into an eval() function call.
🌐
Syhunt
syhunt.com › docwiki › index.php
Vulnerable PHP Code | Syhunt Web Application Security Docs
Found: 2 vulnerabilities In /commentbug.php (source code, locally), affecting parameter "name", on line 2: Possible XSS Vulnerability In /commentbug.php (source code, locally), on line 4: Possible XSS Vulnerability · Syhunt will, whenever possible, avoid triggering false positive results. Example ...
🌐
Legit Security
legitsecurity.com › aspm-knowledge-base › vulnerabilities-in-code
Vulnerabilities in Code: 5 Common Types and Risks
October 17, 2025 - There are three main examples of XSS attackers use: Reflected XSS: Executes malicious scripts immediately after users interact with fake URLs. Stored XSS: Infects all users who view or otherwise access compromised content as the malicious code permanently embeds itself in databases and files. DOM-based XSS: Manipulates the document object model (DOM) in users’ browsers without server-side involvement. A forgery vulnerability tricks users into performing unwanted actions on an application where they’re already authenticated.
🌐
GitHub
github.com › conikeec › seeve
GitHub - conikeec/seeve: A set of vulnerable C code snippets (with mapped CVEs)
A set of vulnerable C code snippets (with mapped CVEs) - conikeec/seeve
Starred by 78 users
Forked by 63 users
Languages   C 88.8% | Makefile 11.2%
🌐
IBM
developer.ibm.com › articles › coder-challenge-find-the-security-bug
Understanding software security with simple code examples
Articles provide in-depth authoritative information about a technology or product. Articles provide detailed conceptual and explanatory information that fully describe a technology, product, principle, or process · Start here with the most popular or most recent content, or browse the full library
🌐
Kiuwan
kiuwan.com › blog › what-are-code-vulnerabilities
Code Vulnerabilities: What They Are and How to Stop Them | Kiuwan
February 12, 2026 - Learn what source code vulnerabilities are, including the most common types and occurrences, and how you can avoid data breaches and security incidents.
🌐
Codegrip
codegrip.tech › home › what is code vulnerability?
What is code vulnerability? - Codegrip
February 27, 2020 - The example below will make XSS clearer. Buffer is a sequential memory allocated to contain data like strings or integers. Consider if this buffer gets bombarded with data or requests more than what it can handle. It will overflow into adjacent storage. This overflow can create significant issues like crashing your software, loss of data, or the most dangerous – creating an entry point for cyberattacks. This code vulnerability ...
🌐
OWASP
owasp.org › SecureCodingDojo › codereview101
Security Code Review 101
Security Code Review 101! Take a look at the examples below and choose between the good and the bad!
🌐
Wiz
wiz.io › academy › code-vulnerabilities
6 All-Too-Common Code Vulnerabilities | Wiz
December 6, 2024 - For example, a cloud storage bucket left open to the public can lead to the unauthorized exposure of sensitive data. Likewise, default admin username/password combinations on a web server may enable attackers to take over.