GitHub
github.com › fportantier › vulpy
GitHub - fportantier/vulpy: Vulnerable Python Application To Learn Secure Development · GitHub
This will permit learn how to develop python code following the best security practices. git clone https://github.com/fportantier/vulpy cd vulpy pip3 install --user -r requirements.txt ... Note: The "GOOD" version (not finished yet) is supposed to don't have vulnerabilities, but I'm a human being, so...
Starred by 127 users
Forked by 521 users
Languages Python 46.1% | CSS 37.1% | HTML 15.9%
Videos
15:11
What's wrong with this Code? Vulnerable Python Code - Walkthrough ...
15:25
How to Scan Python Code for Security Vulnerabilities? | Episode ...
56:15
Security Checks for Python Code - YouTube
18:23
Secure Coding Guide for Python - David Mather & Bart Karas, Ericsson ...
43:27
Python Coding Mistakes, Causes of Vulnerabilities and How to Solve ...
GitHub
github.com › anxolerd › dvpwa
GitHub - anxolerd/dvpwa: Damn Vulnerable Python Web App · GitHub
You can also sanitize text, when users input it and prohibit different kinds of code injection. As per check_paswword function and database initialization script, passwords are not stored in the database themselves, but their md5 hashes. ... As hash function produces same output for same input, same passwords will produce the same hash. Passwords are vulnerable to statistical analysis: it is possible to determine how many people use the same password, how popular the password is, etc:
Starred by 190 users
Forked by 783 users
Languages Python 55.2% | Jinja 44.3%
Aikido
aikido.dev › home › articles › top 10 python security vulnerabilities developers should avoid
Python Security Vulnerabilities | Top Issues
January 29, 2026 - In today’s fast-paced development pipelines, insecure Python code can introduce serious risks. Python is loved for its simplicity, but that same flexibility can turn dangerous if secure coding practices are neglected. From code injection pitfalls to vulnerable third-party libraries, even a small oversight can open the door for attackers.
GitHub
github.com › Contrast-Security-OSS › vulnpy
GitHub - Contrast-Security-OSS/vulnpy: Purposely-vulnerable Python functions · GitHub
Starred by 17 users
Forked by 80 users
Languages Python 53.7% | HTML 44.3% | Makefile 1.6%
PyPI
pypi.org › project › vulnerablecode
vulnerablecode · PyPI
» pip install vulnerablecode
Stack Abuse
stackabuse.com › checking-vulnerabilities-in-your-python-code-with-bandit
Checking Vulnerabilities in Your Python Code with Bandit
June 15, 2021 - In this guide - we'll explore how simple lines of code can end up being destructive, and how we can use Bandit to help us identify them. A security vulnerability in our code is a flaw that malicious agents can take advantage of to exploit our systems and/or data.
MozillaWiki
wiki.mozilla.org › Common_Python_Code_Vulnerabilities
Common Python Code Vulnerabilities
JavaScript is disabled in your browser · Please enable JavaScript to proceed · A required part of this site couldn’t load. This may be due to a browser extension, network issues, or browser settings. Please check your connection, disable any ad blockers, or try using a different browser
Aqua Security
aquasec.com › home › application security › python security
Python Security: 6 Common Risks & What You Can Do About Them
July 23, 2024 - Injection flaws allow an attacker to deliver malicious code through an application to a backend or internal system. Injection vulnerabilities are common in Python, and come in several types such as command injection and SQL injection.
SonarSource
rules.sonarsource.com › python › type › vulnerability
Python static code analysis | Vulnerability
Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PYTHON code
GitHub
github.com › Vulnerable-Code-Samples › Python_Vulnerable_Code
GitHub - Vulnerable-Code-Samples/Python_Vulnerable_Code: A small collection of vulnerable code snippets
A collection of vulnerable code snippets taken form around the internet. Snippets taken from various blog posts, books, resources etc.
Forked by 7 users
Languages PHP 31.6% | JavaScript 16.8% | C# 14.4% | C 12.5% | Python 11.0% | Java 6.2% | PHP 31.6% | JavaScript 16.8% | C# 14.4% | C 12.5% | Python 11.0% | Java 6.2%
GitHub
github.com › michealkeines › Vulnerable-API
GitHub - michealkeines/Vulnerable-API: The Vulnerable API Python Application is a purposely flawed Python app that uses Flask, Jinja, and SQLite3. It contains intentional security vulnerabilities like XSS, SQLi, HHI, LFI, RFI, and SSTI. The project aims to serve as an educational tool to learn about and test automated API scanners. Use responsibly in controlled environments only. · GitHub
The application is vulnerable to Remote File Inclusion attacks. RFI occurs when user-supplied input is used to include remote files from external servers, leading to potential code execution and unauthorized access.
Starred by 9 users
Forked by 19 users
Languages Python 94.2% | HTML 5.8%
GitHub
github.com › mpirnat › lets-be-bad-guys
GitHub - mpirnat/lets-be-bad-guys: A deliberately-vulnerable website and exercises for teaching about the OWASP Top 10
You’ll need Git to check out the code repository that we’ll be working with. You can download it from http://git-scm.com. All of our examples were developed and tested against Python 2.7 and 3.4.
Starred by 188 users
Forked by 365 users
Languages HTML 60.8% | Python 24.8% | JavaScript 13.5% | CSS 0.9% | HTML 60.8% | Python 24.8% | JavaScript 13.5% | CSS 0.9%
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › opec-1 › Python.html
Python : Security vulnerabilities, CVEs Code Execution
... Expat allows context-dependent ... Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string....
ScienceDirect
sciencedirect.com › science › article › abs › pii › S0167739X24004680
DetectVul: A statement-level code vulnerability detection for Python - ScienceDirect
September 10, 2024 - Given that C/C++ allows direct memory manipulation, which often leads to vulnerabilities like buffer overflows and memory leaks, previous works [22], [27] have constructed graphs such as program dependency graphs (PDGs) and code property graphs (CPGs) to uncover data-related vulnerabilities. Control flow graphs (CFGs) and call graphs (CGs) have also been used to trace execution paths where input validation may be bypassed [23], [25], [26]. This GNN-based approach can also be adapted for Python, where models trained on CFGs can analyze and identify Python-specific vulnerabilities, typically involving improper input validation, insecure deserialization, or misuse of security-sensitive functions, rather than memory corruption.
Invicti
invicti.com › web-vulnerability-scanner › vulnerabilities › code-evaluation-python
Code Evaluation (Python)
An attacker can execute arbitrary Python code on the system.
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › Python-Python.html
Python Python : Security vulnerabilities, CVEs
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer ...