| Library | Description | Language(s) | Category | Metadata |
|---|---|---|---|---|
| helmetjs/helmet | Helmet helps secure Express apps by setting HTTP response headers. | NodeJS | Headers | |
| github/secure_headers | Manages application of security headers with many safe defaults | Ruby | Headers | |
| arkadiyt/ssrf_filter | A ruby gem for defending against Server Side Request Forgery (SSRF) attacks | Ruby | SSRF | |
| google/tink-crypto | A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. | Java, C++, Go, Python, Obj-C | Cryptography | |
| cure53/DOMPurify | A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG | JavaScript | HTML Sanitizer (XSS prevention) | |
| mozilla/bleach | An allowed-list-based HTML sanitizing library that escapes or strips markup and attributes | Python | HTML Sanitizer (XSS prevention) | |
| pallets/markupsafe | Safely add untrusted strings to HTML/XML markup. | Python | HTML Sanitizer (XSS prevention) | |
| symfony/html-sanitizer | Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. | PHP | HTML Sanitizer (XSS prevention) | |
| null8626/decancer | A tiny package that removes common unicode confusables/homoglyphs from strings. | Rust,JavaScript (Node.js/Browser),C/C++,Java,Python (unofficial) | Input Sanitization | |
| davisjam/safe-regex | Detect possibly catastrophic, exponential-time regular expressions | JavaScript | Regex | |
| ikkisoft/SerialKiller | Look-Ahead Java Deserialization Library | Java | Deserialization | |
| paragonie/anti-csrf | Full-Featured Anti-CSRF Library | PHP | CSRF | |
| paragonie/constant_time_encoding | Character encoding functions that do not leak information about what you are encoding/decoding via processor cache misses | PHP | Information Leakage | |
| paragonie/halite | High-level cryptography interface powered by libsodium | PHP | Cryptography | |
| paragonie/ionizer | Input Filter System for PHP Software | PHP | Input Filteration | |
| paragonie/password_lock | Wraps Bcrypt-SHA2 in Authenticated Encryption | PHP | Cryptography | |
| jvoisin/snuffleupagus | Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! | PHP | Misc | |
| BePsvPT/secure-headers | PHP Secure Headers | PHP | Headers | |
| gorilla/csrf | Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services 🔒 | Golang | CSRF | |
| justinas/nosurf | CSRF protection middleware for Go. | Golang | CSRF | |
| sdsdkkk/safe_redirect | Keep Rails apps safe from open redirects | Ruby on Rails | Open Redirect | |
| Shopify/redirect_safely | Sanitize redirect_to URLs | Ruby | Open Redirect |   |
| Trendyol/safe-redirect | Library which resolves open-redirection vulnerability when we need to make redirection to a path taken from query string. | TypeScript | Open Redirect | |
| gorilla/securecookie | Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications | Golang | CookieJar | |
| google/safevalues | Prevent Cross-Site Scripting vulnerabilities in TypeScript (and JavaScript). It is meant to be used together with tsec to provide strong security guarantees and help you deploy Trusted Types and other CSP restrictions in your applications | TypeScript | XSS | |
| google/wuffs | Parsing, decoding and encoding Untrusted File Formats Safely | C | File Handling | |
| google/safeopen | Safe-by-construction library with file open/create primitives for Golang that are not vulnerable to path traversal attacks | Golang | Path Traversal | |
| google/safe-active-record | A security middleware to defend against SQL injection in Ruby on Rails Active Record. | Ruby | SQLi | |
| google/safetext | Safe-by-construction libraries for producing formats like YAML | Golang | Injection | |
| google/safehtml | Immutable string-like types that wrap web types such as HTML, JavaScript and CSS. These wrappers are safe by construction against XSS and similar web vulnerabilities | Golang | XSS, etc. | |
| google/securemessage | A portable crypto library that exposes a restricted API that is secure by design, for use as a black-box building block in cryptographic protocols | C++ | Cryptography | |
| google/re2 | A fast, safe, thread-friendly alternative to backtracking regular expression engines | C++ | Regex | |
| google/safearchive | Safe-by-construction libraries for processing tar and zip archives, to replace unsafe alternatives like archive/tar and archive/zip that are at risk of path traversal attacks. Besides crafted filename entries in the archive, this library also protects from symbolic link attacks. | Golang | Zip Handling | |
| google/go-safeweb | A collection of libraries for writing secure-by-default HTTP servers in Go. | Golang | XSS, XSRF | |
| doyensec/safeurl | Implements a safeurl.Client wrapper around Go's native net/http.Client and performs validation on the incoming request against the configured allow and block lists. It also implements mitigation for DNS rebinding attacks. | Golang | SSRF | |
| mustache/mustache | Logic-less Ruby templates. | Ruby | Templating | |
| Shopify/liquid | Safe, customer facing template language for flexible web apps. | Ruby | Templating |   |
| handlebars-lang/handlebars.js | Minimal templating on steroids. | JavaScript | Templating | |
| salesforce/handlebars-php | A simple, logic-less, yet powerful templating engine for PHP. | PHP | Templating | |
| huggingface/safetensors | This repository implements a new simple format for storing tensors safely (as opposed to pickle) and that is still fast (zero-copy). | Python | Packing/Unpacking | |
| cloudflare/svg-hush | Make arbitrary SVG files as benign and safe to serve as images in other common Web file formats | Rust | SVG | |
| tiran/defusedxml | Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries | Python | XXE | |
| nahsra/antisamy | a library for performing fast, configurable cleansing of HTML coming from untrusted sources | Java | Injection | |
| OWASP/www-project-csrfguard | The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens | Java | CSRF | |
| y-mehta/ssrf-req-filter | Module to prevent SSRF when sending requests in NodeJS. Blocks request to local and private IP addresses | NodeJS | SSRF | |
| segmentio/ui-box's safeHref | Allowlists safe protocols and sets rel values | TypeScript | XSS | |
| vvo/iron-session | 🛠Secure, stateless, and cookie-based session library | JavaScript | CookieJar | |
| cossacklabs/themis | Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. | iOS (Swift, Obj-C), Android (Java, Kotlin), React Native (iOS, Android), desktop Java, С/С++, Node.js, Python, Ruby, PHP, Go, Rust, WASM | Cryptography | |
| aws/http-desync-guardian | Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting). | Rust | HTTP Desync | |
| rust-ammonia/ammonia | Repair and secure untrusted HTML | Rust | HTML Sanitizer (XSS prevention) | |
| techgaun/plug_secex | Adds various HTTP Headers to make Phoenix/Elixir app more secure | Elixir | Headers | |
| cak/secure | Secure 🔒 headers for Python web frameworks | Python | Headers | |
| unrolled/secure | HTTP middleware for Go that facilitates some quick security wins. | Golang | Multiple | |
| juunas11/aspnetcore-security-headers | Middleware for adding security headers to an ASP.NET Core application. | .NET | Headers | |
| andrewlock/NetEscapades...SecurityHeaders | Small package to allow adding security headers to ASP.NET Core websites | .NET | Headers | |
| GaProgMan/OwaspHeaders.Core | A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security | .NET | Headers | |
| mganss/HtmlSanitizer | Cleans HTML to avoid XSS attacks | .NET | HTML Sanitizer (XSS prevention) | |
| Escape/GraphQL-Armor | Highly customizable security middleware for various GraphQL server engines. | Apollo Server, GraphQL Yoga, GraphQL-Helix, Node.js HTTP, GraphQL-Helix,GraphQL-WS, GraphQL-SSE, Azure Functions, Cloudflare Workers, Google Cloud Functions, Lambda AWS, type-graphql, nexus, express-graphql | Multiple |
| Library | Description | Language(s) | Category | Metadata |
|---|---|---|---|---|
| HardenedBSD | Hardened fork of FreeBSD with extra exploit mitigations and security hardening technologies | C, C++, Shell, Other | OS / ecosystem | |
| GoogleContainerTools/distroless | 🥑 Language focused docker images, minus the operating system. | Docker | Containers | |
| chainguard-images/images | Chainguard Images is a collection of container images designed for minimalism and security. | Docker | Containers | |
| step-security/harden-runner | Network egress filtering and runtime security for GitHub-hosted and self-hosted runners | Github Actions | CI/CD |
| [TKTK](https://github.com/TKTK) | TKTK | TKTK | TKTK |[](https://badgen.net/github/stars/TKTK) [](https://badgen.net/github/last-commit/TKTK)
- https://www.abhaybhargav.com/notes-on-secure-defaults/?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-43-continuous-appsec-scanning-threat-modeling-career-advice-from-feynman
- https://github.com/orgs/google/repositories?language=&q=safe&sort=&type=all
- https://paragonie.com/software
- https://github.com/pxlpnk/awesome-ruby-security
- https://github.com/guardrailsio/awesome-php-security
- https://github.com/osirislab/awesome-rust-security
- https://github.com/vintasoftware/awesome-django-security
- https://github.com/guardrailsio/awesome-golang-security
- https://github.com/guardrailsio/awesome-dotnet-security
