The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.

The individual collections are available via separate tabs on:

Editing Process

Just open a PR modifying the JSON file.

Please keep the file sorted by name. You can use this online tool to assist you:

Entries should conform to the schema and are validated automatically during PR handling. You can also use this online service to check before submitting.

Since 20200331 they are automatically copied/deployed to the www-project-vulnerable-web-applications-directory repo, from which they are rendered on the website.