diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..80baf4a
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,9 @@
+module example/vulnerable-app
+
+go 1.16
+
+require (
+ github.com/dgrijalva/jwt-go v3.2.0+incompatible // Vulnerable version as an example
+ github.com/gin-gonic/gin v1.6.3 // Example, replace with actual vulnerable version
+ gopkg.in/yaml.v2 v2.2.8 // Example, replace with actual vulnerable version
+)
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..7acc6df
--- /dev/null
+++ b/main.go
@@ -0,0 +1,19 @@
+package main
+
+import (
+ "net/http"
+
+ "github.com/dgrijalva/jwt-go" // Known for vulnerabilities in some versions
+ "github.com/gin-gonic/gin" // Example, replace with actual vulnerable library
+ "gopkg.in/yaml.v2" // Example, replace with actual vulnerable library
+)
+
+func main() {
+ r := gin.Default()
+ r.GET("/", func(c *gin.Context) {
+ c.JSON(http.StatusOK, gin.H{
+ "message": "hello world",
+ })
+ })
+ r.Run() // listen and serve on 0.0.0.0:8080
+}
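Review bot: In go.mod, the trailing comments on the gin and yaml.v2 requirements are still template text (`// Example, replace with actual vulnerable version`), so the file never says whether v1.6.3 and v2.2.8 are meant to be flagged or which advisory each pin stands for. If this module is a dependency-scanning fixture, as the module path `example/vulnerable-app` suggests, each pin should name the finding it is expected to produce, for example `// intentionally pinned: expected finding <ADVISORY-ID>`, so a scanner result can be checked against a stated expectation. The jwt-go line should say the same and also note that github.com/dgrijalva/jwt-go is archived and that real code should use the maintained fork github.com/golang-jwt/jwt. A header comment such as `// Intentionally vulnerable test fixture; do not deploy or copy these pins.` would keep the versions from being reused by mistake.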
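Review bot: main.go will not compile as added, because `github.com/dgrijalva/jwt-go` and `gopkg.in/yaml.v2` are imported but never referenced, and Go rejects unused imports. If the imports exist only to keep the pinned modules in the build graph for a scanner to see, make them blank imports: `_ "github.com/dgrijalva/jwt-go"` and `_ "gopkg.in/yaml.v2"`. Separately, `r.Run()` discards its returned error and, per its own comment, listens on 0.0.0.0:8080. For an intentionally vulnerable sample, a loopback bind with the error checked, `if err := r.Run("127.0.0.1:8080"); err != nil { log.Fatal(err) }`, keeps it off every other interface; this needs `"log"` added to the import block.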