Intentionally vulnerable Node.js REST API for benchmarking SAST, SCA, and code quality tools. Contains 30 real, functional issues across Critical/High/Medium/Low severities covering SQL injection, command injection, path traversal, IDOR, hardcoded secrets, and more. Not for production use.
issues sonarqube vulnerable vulnerable-container vulnerable-application vulnerable-web-app sast sonarcloud vulnerable-apps vulnerable-app vulnerable-web-applications vulnerable-sample-app vulnerable-scan vurna minimal-vulnerable node-vulnerable
-
Updated
Mar 1, 2026 - JavaScript