Phoenix Security Public

All

67 repositories

react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478
Public
Scanner for CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) - Track and remediate a critical React Server Components (RSC) / Flight protocol vulnerability campaign impacting react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack, and RSC-enabled frameworks like Next.js.
Python
•0•0•0•1•Updated Dec 9, 2025Dec 9, 2025
django-DefectDojo
Public
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
HTML
•
BSD 3-Clause "New" or "Revised" License
•1.8k•0•0•76•Updated Dec 8, 2025Dec 8, 2025
vulnerablecode
Public
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode
Python
•
Apache License 2.0
•252•0•0•41•Updated Dec 8, 2025Dec 8, 2025
CVE-2025-55182
Public
Explanation and full RCE PoC for CVE-2025-55182
Python
•151•1•0•1•Updated Dec 6, 2025Dec 6, 2025
java-sec-code
Public
Java web common vulnerabilities and security code which is base on springboot and spring security
Java
•758•0•0•49•Updated Dec 2, 2025Dec 2, 2025
Utils
Public
Phoenix Security Script and Utilities
HTML
•
GNU General Public License v3.0
•0•1•0•1•Updated Nov 27, 2025Nov 27, 2025
terragoat-vulnerable-iac
Public
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
HCL
•
Apache License 2.0
•5.6k•0•0•8•Updated Nov 27, 2025Nov 27, 2025
Shai-Hulud-Sha1-Hulud-V2-npm-compromise-scanner
Public
Script to verify if Shai Hulud and Sha1-Hulud NPM package alike are affecting your NPM Build - check https://phoenix.security/shai-hulud-second-coming-npms-biggest-supply-chain-breach/
supply shai-hulud shai-hulud-detector shai-hulud-attack shai-hulud2-detector shai-hulud2
Python
•2•12•0•1•Updated Nov 26, 2025Nov 26, 2025
crazy-vulnerable-nodejs-application
Public
CVNA
JavaScript
•23•0•0•5•Updated Nov 26, 2025Nov 26, 2025
xss-fastapi
Public
Recreation of https://xss-game.appspot.com/
CSS
•
Apache License 2.0
•5•0•0•3•Updated Nov 21, 2025Nov 21, 2025
CVE-2024-3094_exploit_xzbot
Public
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Go
•239•0•0•5•Updated Nov 21, 2025Nov 21, 2025
Tiredful-API-py3-beta
Public
Python 3 compatible repo of Tiredful API
Python
•
GNU General Public License v3.0
•10•0•0•4•Updated Nov 21, 2025Nov 21, 2025
Qxi-npm-compromise-checker
Public
Quick Set of vulnerability tool for Qxi-npm-compromise-checker
Python
•3•17•0•1•Updated Nov 18, 2025Nov 18, 2025
Phoenix-Security-PYRUS
Public
PYRUS is Phoenix Security’s YAML-native CMDB automation framework that unifies asset ownership, vulnerability attribution, and business alignment across DevSecOps. It replaces static CMDBs with metadata-driven synchronization from CI/CD, repositories, cloud, and identity systems to reflect the real state of your environment
Python
•
Apache License 2.0
•0•1•0•0•Updated Nov 17, 2025Nov 17, 2025
brokencrystals
Public
A Broken Application - Very Vulnerable!
TypeScript
•
MIT License
•303•0•0•6•Updated Nov 8, 2025Nov 8, 2025
vulnerable-app
Public
A sample web application using Node.js, Express and Angular that is vulnerable to common security vulnerabilities.
JavaScript
•53•0•0•2•Updated Nov 8, 2025Nov 8, 2025
Damn-Vulnerable-Source-Code
Public
The aim of the project is to develop intentionally vulnerable source code in various languages.
HTML
•50•0•63•0•Updated Nov 6, 2025Nov 6, 2025
brokencrystals-demo
Public
Mirror of broken crystals, but with specific dockerfiles for easy docker compose
TypeScript
•
MIT License
•5•0•0•2•Updated Nov 3, 2025Nov 3, 2025
VulnerableCoreApp
Public
Mirror of https://github.com/zsusac/VulnerableCoreApp
HTML
•3•0•0•1•Updated Nov 1, 2025Nov 1, 2025
WebGoat-Legacy
Public
Legacy WebGoat 6.0 - Deliberately insecure JavaEE application
Java
•413•0•0•47•Updated Nov 1, 2025Nov 1, 2025
vulnado
Public
Purposely vulnerable Java application to help lead secure coding workshops
Java
•
Other
•819•0•9•9•Updated Nov 1, 2025Nov 1, 2025
sample-eightball
Public
Sample source code containing vulnerabilities to illustrate Fortify usage
Java
•30•0•0•2•Updated Nov 1, 2025Nov 1, 2025
nosql-injection-vulnapp
Public
NIVA is a simple web application which is intentionally vulnerable to NoSQL injection. The purpose of this project is to facilitate a better understanding of the NoSQL injection vulnerability among a wide audience of software engineers, security engineers, pentesters, and trainers.
Java
•
MIT License
•25•0•0•2•Updated Nov 1, 2025Nov 1, 2025
javaspringvulny
Public
javaspringvulny - a Spring Boot web application built wrong on purpose
Java
•253•1•0•1•Updated Nov 1, 2025Nov 1, 2025
dvcsharp-api
Public
Damn Vulnerable C# Application (API)
C#
•
MIT License
•281•0•0•3•Updated Nov 1, 2025Nov 1, 2025
vuln_node_express
Public
JavaScript
•365•0•0•3•Updated Nov 1, 2025Nov 1, 2025
langgraph-flow-designer
Public
JavaScript
•
MIT License
•3•0•0•2•Updated Nov 1, 2025Nov 1, 2025
yrpreyTasksNodeJS
Public
PHP
•7•0•0•1•Updated Nov 1, 2025Nov 1, 2025
VulnerableLightApp
Public
Vulnerable API for educational purposes
C#
•
GNU General Public License v3.0
•77•0•0•0•Updated Nov 1, 2025Nov 1, 2025
XSS-Vulnerable-Code
Public
XSS Vulnerable code examples for you to practice locally.
Hack
•3•0•0•0•Updated Nov 1, 2025Nov 1, 2025