node-api-goat

A simple Express.JS REST API application exposes endpoints with code that contains vulnerabilities.