This repository is the official home for the OWASP Top 10, a widely cited list of the ten most critical security risks affecting web applications. OWASP stands for the Open Worldwide Application Security Project, a nonprofit that produces free security guidance used by developers, auditors, and organizations around the world. The Top 10 list is updated periodically based on data collected from real-world vulnerabilities and security assessments, and many companies treat it as a baseline reference when evaluating or improving the security of their software.

The current edition is the OWASP Top 10:2025, released as the final version. The 2021 edition is also available here, now marked as superseded. Older editions from 2017 are archived in PDF and PowerPoint format for historical reference. The repository holds the source files used to build the published documents. Readers who want to study the Top 10 list itself are directed to the OWASP website, not to raw files in this repository.

The project is led by five co-leaders who accept feedback, comments, and reported issues through GitHub. This is a documentation repository with no code to install or run. The README is sparse and mainly provides links to the published editions and the leadership team's contact information. Anyone interested in web application security, whether a developer, a PM, or a founder, would find the published documents more useful than browsing this repository directly.