Search Results for "issues"
Sort By:
Showing 70 open source projects for "issues"
View related business solutions-
Earn up to 16% annual interest with Nexo.Generate interest, borrow against your crypto, and trade a range of cryptocurrencies — all in one platform. Geographic restrictions, eligibility, and terms apply.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
DVWA
PHP/MySQL web application
...The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. -
2
Docker Scout CLI
Docker Scout CLI
...Docker Scout’s local vulnerability analysis scans your images for potential security issues before they reach production. By detecting vulnerabilities early, it helps you ensure safer deployments and reduce the risk of security breaches in your applications. -
3
Nikto
Web server vulnerability scanner for security assessments
Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows. -
4
Apisauce
Axios + standardized errors + request/response transforms
...Responses have a problem property to help guide exception flow, attach functions that get called each request, attach functions that change all request or response data. Detects connection issues (on React Native). The only required property is baseURL and it should be the starting point for your API. It can contain a sub-path and a port as well. The responses are promise-based, so you'll need to handle things in a .then() function. The promise is always resolved with a response object. Even if there was a problem with the request! ... -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
5
OSS-Fuzz
OSS-Fuzz - continuous fuzzing for open source software
...Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. OSS-Fuzz integrates modern fuzzing engines with sanitizers and runs them at scale in a distributed environment, providing automated testing and continuous monitoring. The platform supports multiple programming languages including C/C++, Rust, Go, Python, Java/JVM, and JavaScript, ensuring wide coverage across critical open source projects. -
6
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). Fully automatic bug filing, triage and closing for various issue trackers (e.g. -
7
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
...It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws, authentication bypasses, and other exploitable paths in a way that resembles an actual attacker’s workflow. Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. It positions itself as a pre-attacker safety net, aiming to break your web app before someone else does and thereby reduce the gap between “potentially vulnerable” and “confirmed exploitable.” -
8
SOPS
Simple and flexible tool for managing secrets
...For the adventurous, unstable features are available in the develop branch, which you can install from source. To use sops as a library, take a look at the decrypt package. We rewrote Sops in Go to solve a number of deployment issues, but the Python branch still exists under python-sops. We will keep maintaining it for a while, and you can still pip install sops, but we strongly recommend you use the Go version instead. If you're using AWS KMS, create one or multiple master keys in the IAM console and export them, comma separated, in the SOPS_KMS_ARN env variable. ... -
9
Tailsnitch
A security auditor for Tailscale configurations
...Written in Go and designed to be run either as a CLI or integrated into automated pipelines, tailsnitch performs dozens of checks against common access control policies, authentication key practices, network exposure issues, and device security settings. It outputs structured reports on findings with severity levels and remediation guidance, and it can generate results in formats like JSON for downstream analysis and integration with CI/CD pipelines. Tailsnitch supports authentication via the Tailscale API (including OAuth or API keys) and provides options to filter findings, run only high-severity checks, and produce compliance artifacts like SOC 2 evidence exports. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
SIPVicious
Security tools that can be used to audit SIP based VoIP systems
...Also known as friendly-scanner, it is freely available to help pentesters, security teams and developers quickly test their SIP systems. Download the latest source code from git or the latest release, send pull requests and open issues. Install the latest and greatest release using pip3 install sipvicious or follow the instructions for further options. Available on any platform that supports Python 3. Made a change to your phone system or SIP router? Test it automatically using SIPVicious OSS to perform a smoke test for security robustness. The next generation is SIPVicious PRO, a complete new code base and overhaul of the concepts found in SIPVicious OSS. ... -
11
s2n-quic
An implementation of the IETF QUIC protocol
s2n-quic is AWS’s open-source implementation of the IETF QUIC transport protocol, written in Rust and designed for performance, security, and modern usage. QUIC is a UDP-based, multiplexed, encrypted transport layer that underpins HTTP/3 and addresses issues such as head-of-line blocking and faster handshake times compared to TCP+TLS. This library integrates with AWS’s s2n-tls or rustls for the TLS 1.3 handshake and leverages Rust’s memory and thread safety guarantees to deliver a robust implementation. It is built with configurability in mind—you can tune congestion control (like CUBIC), pacing, packet size discovery, and other advanced network behaviors. ... -
12
Personal Management System
Your web application for managing personal data
It's easier to understand this web application when you think about a CMS (WordPress) or CRM (SugarCRM); the logic behind this system is very similar to those two. My PMS may offer fewer possibilities than those systems above, but it just does what I want it to do. Additionally, writing extensions is not too hard, depending on the logic required. Anyone with development knowledge can pretty much write their own extensions for personal needs. Keep a track of your personal goals. You can use... -
13
tfsec
Security scanner for your Terraform code
...Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take effect. Checks for misconfigurations across all major (and some minor) cloud providers. Applies (and embellishes) user-defined Rego policies. Supports multiple output formats: CLI, JSON, SARIF, CSV, CheckStyle, and JUnit. Configurable (via CLI flags and/or config file). Very fast, capable of quickly scanning huge repositories. ... -
14
reconFTW
Automated framework for domain reconnaissance and vulnerability scans.
reconFTW is an open source automated reconnaissance framework created for security researchers, penetration testers, and bug bounty hunters. The tool streamlines the reconnaissance phase of security assessments by orchestrating numerous specialized tools to gather intelligence about a target domain. It performs multiple discovery and analysis tasks such as subdomain enumeration, OSINT collection, and vulnerability scanning in an automated workflow. The framework integrates many external... -
15
uAssets
Filter lists for uBlock Origin & uBlock Origin Lite
...The project emphasizes efficiency and minimal performance overhead, ensuring that blocking rules do not negatively impact browsing speed. It also includes mechanisms for reporting issues and refining filters based on user feedback. -
16
Cloud Custodian
Rules engine for cloud security, cost optimization, and governance
...It consolidates many of the ad-hoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting. Custodian supports managing AWS, Azure, and GCP public cloud environments. Besides just providing reports of issues, Custodian can actively enforce the security policies you define. Setup off-hours to save you money, by turning-off resources when they're not being used. Garbage collects unused resources by looking into utilization metrics. Custodian can be run locally, on an instance, or Serverless in AWS Lambda. Cloud Custodian is open source and free for everyone to use. ... -
17
Conscrypt
Conscrypt is a Java Security Provider
...The provider focuses on contemporary protocol hygiene—up-to-date cipher suite selection, ALPN, session resumption, and hardened defaults—so Java servers and clients negotiate secure connections by construction. Because it builds on BoringSSL’s audited primitives and constant-time implementations, it reduces the risk of subtle side-channel issues while improving handshake and bulk crypto throughput. Conscrypt also exposes platform accelerations (like AES-GCM and ChaCha20-Poly1305) and supports features important to HTTP/2 and HTTP/3 stacks. Its goal is pragmatic: deliver a fast, well-maintained TLS provider that behaves like modern browsers and mobile stacks. -
18
Tsunami
Network security scanner for detecting severity vulnerabilities
...In such hyperscale environments, security vulnerabilities must be detected and ideally remediated in a fully automated fashion. To do so, information security teams need to have the ability to implement and roll out detectors for novel security issues at scale in a very short amount of time. Furthermore, it is important that the detection quality is consistently very high. -
19
UFW Docker
To fix the Docker and UFW security flaw without disabling iptables
UFW is a popular iptables front end on Ubuntu that makes it easy to manage firewall rules. But when Docker is installed, Docker bypasses the UFW rules and the published ports can be accessed from outside. Almost all of these solutions are similar. It requires disabling docker's iptables function first, but this also means that we give up docker's network management function. This causes containers will not be able to access the external network. It is also mentioned in some articles that you... -
20
Google APIs Node.js Client
Google's supported Node.js client library
...These client libraries are supported by Google. However, these libraries are considered complete and are in maintenance mode. This means that we will address critical bugs and security issues but will not add any new features. For Google Cloud Platform APIs, we recommend using google-cloud-node which is under active development. This library supports the maintenance LTS, active LTS, and current release of node.js. -
21
Infosec Reference
An Information Security Reference That Doesn't Suck
Infosec Reference is a curated knowledge base and resource repository for information security practitioners. It aggregates cheat sheets, tooling guides, protocol deep dives, incident response playbooks, and threat actor profiles—all organized under accessible categories (network, web, host, cryptography, auditing). The repo is built as a living wiki of sorts: practitioners contribute updates, expand sections, or refine explanations as the threat landscape evolves. Because security spans... -
22
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails app
Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs. In testing, this has dramatically improved speed for large code bases, around 35% reduction in overall scan time. Brakeman will now track and return very simple literal values (e.g. strings, hashes of literals, arrays of literals) from very simple class methods (e.g. single line). ... -
23
Enlightn
Your performance & security consultant, an artisan command away
Enlightn scans your Laravel app code to provide you actionable recommendations on improving its performance, security & more. We'll perform over 100 checks against your application for common issues, and provide actionable feedback for fixing them. Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations, and routes to identify performance bottlenecks, possible security vulnerabilities, and code reliability issues. ... -
24
VeraCrypt
Open source disk encryption with strong security for the Paranoid
...It adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. It also solves many vulnerabilities and security issues found in TrueCrypt. This enhanced security adds some delay ONLY to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data. All released files are PGP signed with key ID=0x680D16DE, available on key servers and downloadable at https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc VeraCrypt can mount TrueCrypt volumes. ... -
25
...ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. SUPPORT/REPORTING BUGS: please use https://github.com/jpr5/ngrep/issues Thank you!
