Vulhub is an open-source collection of pre-built, ready-to-use vulnerable Docker environments. With just one command you can launch a vulnerable environment for security research, learning, or demonstration, no prior Docker experience required.
Quick Start
Install Docker (example for Ubuntu 24.04):
# Install the latest version docker
curl -s https://get.docker.com/ | sh
# Run docker service
systemctl start docker
For other operating systems, see the Docker documentation.
Although all Vulhub environments are running based on Docker Compose, you no longer need to install docker-compose separately. Instead, you can use the built-in docker compose command to start Vulhub environments.
Download and set up Vulhub:
git clone --depth 1 https://github.com/vulhub/vulhub
Launch a vulnerable environment:
cd vulhub/langflow/CVE-2025-3248 # Example: enter a vulnerability directory
docker compose up -d
Each environment directory contains a detailed README with reproduction steps and usage instructions.
Clean up after testing:
docker compose down -v
[!NOTE]
- Use a VPS or VM with at least 1GB RAM for best results
- The
your-ipin documentation refers to your host/VPS IP, not the Docker container IP- Ensure Docker has permission to access all files in the current directory to avoid permission errors
- Vulhub currently supports only x86 architectures (not ARM)
- All environments are for testing and educational purposes only. Do not use in production!
Contributing
If you encounter errors during build or runtime, please first check if they are caused by Docker or related dependencies. If you confirm an issue with a Dockerfile or Vulhub code, submit an issue. See FAQ for troubleshooting tips.
For questions, contact us:
Thanks to all contributors:
Partners
Our partners and users:
Sponsor Vulhub on GitHub Sponsor, OpenCollective, or Patreon 🙏
More ways to donate.
License
Vulhub is licensed under the MIT License. See LICENSE for details.