Vulhub

Vulhub is an open-source collection of pre-built vulnerable docker environments for security researchers and educators.

18.4k+ Stars4.5k+ Forks291 Environments
# Clone the repository
git clone --depth 1 https://github.com/vulhub/vulhub.git

# Enter the directory
cd vulhub/spring/CVE-2022-22947

# Start the environment
docker compose up -d

Why Use Vulhub?

Docker Based

All environments are built with Docker and Docker Compose, making them easy to deploy and isolate.

Real Vulnerabilities

Practice with real-world vulnerabilities in a safe, controlled environment for learning and research.

Well Documented

Each vulnerability comes with detailed documentation explaining the vulnerability and exploitation steps.

Latest Environments

View all environments
RCECMS
Created 2 days ago

CraftCMS ConditionsController Pre-Auth Remote Code Execution

Explore the CraftCMS ConditionsController Pre-Auth Remote Code Execution vulnerability and learn how to exploit it.

Learn more
CVE-2023-41892
RCE
Created 4 days ago

Cacti RRDTool Post-Auth Argument Injection Leads to RCE

Explore the Cacti RRDTool Post-Auth Argument Injection Leads to RCE vulnerability and learn how to exploit it.

Learn more
CVE-2025-24367
SQL InjectionRCE
Created 4 days ago

Cacti graph_view.php SQL Injection Leads to RCE

Explore the Cacti graph_view.php SQL Injection Leads to RCE vulnerability and learn how to exploit it.

Learn more
CVE-2023-39361CVE-2024-31459
RCE
Created 4 days ago

ImageMagick Imagetragick Command Injection

Explore the ImageMagick Imagetragick Command Injection vulnerability and learn how to exploit it.

Learn more
CVE-2016-3714
RCEDeserialization
Created 6 days ago

Apache Superset Python Pickle Deserialization Leads to RCE

Explore the Apache Superset Python Pickle Deserialization Leads to RCE vulnerability and learn how to exploit it.

Learn more
CVE-2023-37941
Auth BypassHard Coding
Created 6 days ago

Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass

Explore the Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass vulnerability and learn how to exploit it.

Learn more
CVE-2023-27524

Ready to start your security research?

Explore our collection of vulnerable environments and enhance your security skills today.