Consider yourself invited to add vulnerabilities, but keep in mind:

1. This project contains critical security issues (including multiple ways to get remote code execution or proxy network traffic through the app). Consider yourself warned on where you host this application and on what systems.
2. The idea of this project is to have a simple testbed to demo vulnerabilities and their potential impact and demo methods of exploitation or integration of DevSecOps tools, so go for simplicity instead of complex or wicked vulns.
3. If you have an idea for a vuln, raise an Issue and write a suggestion so we can discuss or simply send a pull request with the contribution.