Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2025-6X85
This challenge covers the review of a CVE in a python codebase and its patch
|
-- |  |
59 | PRO |
|
|
CVE-2025-6X9X2
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
53 | PRO |
|
|
CVE-2025-X942X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
58 | PRO |
|
|
CVE-2025-X270X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
67 | PRO |
|
|
CVE-2021-X5X8
This challenge covers the review of a CVE in a Golang codebase and its patch
|
-- | |
36 | PRO |
|
|
CVE-2025-5XX2X
This challenge covers the review of a CVE in a Golang codebase and its patch
|
-- | |
48 | PRO |
|
CVE-2022-24720
This exercise covers how one can leverage image processing in ActiveStorage to gain command execution.
|
1-2 Hr. |  |
15 | PRO |
|
|
CVE-2025-XX149
This challenge covers the review of a CVE in a Python codebase and its patch
|
< 1 Hr. | |
101 | PRO |
|
|
CVE-2025-6XX4
This challenge covers the review of a CVE published in 2025 in a go codebase and its patch
|
< 1 Hr. | |
45 | PRO |
|
|
CVE-2025-5X3X9
This challenge covers the review of a CVE discovered in 2025 in a golang codebase and its patch
|
-- | |
60 | PRO |
|
|
CVE-2024-47081 | < 1 Hr. | |
21 | PRO |
|
|
CVE-2023-3219X
This challenge covers the review of a CVE in a Golang project and its patch
|
-- | |
60 | PRO |
|
|
CVE-2024-433XX
This challenge covers the review of a CVE in a Python codebase and its patch
|
< 1 Hr. | |
98 | PRO |
|
|
CVE-2025-3X5X
This challenge covers the review of a CVE in a Golang project
|
< 1 Hr. | |
49 | PRO |
|
|
CVE-2025-4913X
This challenge covers the review of a CVE in a Go codebase and its patch. The goal is to review the code to find the security issue.
|
-- | |
58 | PRO |
|
|
CVE-2024-419XX
This challenge covers the review of a CVE in a Python codebase and its patch
|
< 1 Hr. | |
135 | PRO |
|
|
SAML: CVE-2025-25291
This exercise covers the exploitation of CVE-2025-25291 (impacting ruby-saml)
|
2-4 Hr. | |
11 | PRO |
|
|
SAML: CVE-2025-29775 Signed Metadata
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto) without XMLResponse
|
2-4 Hr. | |
8 | PRO |
|
|
CVE-2024-6X3X
This challenge covers the review of a CVE (original vulnerable code and diff) of a real go codebase
|
< 1 Hr. | |
57 | PRO |
|
|
CVE-2019-X03X
This challenge covers the review of a CVE in a golang codebase and its patch
|
< 1 Hr. | |
64 | PRO |
|
|
CVE-2025-XX95X
This challenge is part of our go code review challenges designed to teach you security code review by reviewing patches
|
< 1 Hr. | |
70 | PRO |
|
|
CVE-2019-379X
This challenge is part of our golang code review challenges designed to teach you security code review by reviewing patches
|
< 1 Hr. | |
109 | PRO |
|
|
SAML: CVE-2025-29775
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto)
|
1-2 Hr. | |
16 | PRO |
|
|
CVE-2022-37X1
This challenge covers the review of a CVE in a go codebase and its patch
|
< 1 Hr. | |
77 | PRO |
|
|
CVE-2023-XX463
This challenge covers the review of a CVE in a Go codebase and its patch
|
-- | |
80 | PRO |
|
|
CVE-2024-X5X87
This challenge covers the review of a CVE in a go codebase and its patch
|
-- | |
82 | PRO |
|
|
CVE-2022-XX975
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
87 | PRO |
|
|
CVE-2024-X90X6
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
110 | PRO |
|
|
CVE-2022-2X8XX
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
144 | PRO |
|
|
CVE-2022-X10X8
This challenge covers the review of a CVE in a Golang codebase and its patch
|
1-2 Hr. | |
131 | PRO |
Showing 31–60 of 170 exercises
Free Labs of the Month
