harsharajkumar273/api-vulnerability-dataset-10k
Source: Hugging Face. Updated 2026-04-18. Indexed 2026-04-26.
Download link:
https://hf-mirror.com/datasets/harsharajkumar273/api-vulnerability-dataset-10k
Resource description:
---
language:
- en
license: mit
tags:
- security
- api-security
- vulnerability-detection
- code
- owasp
task_categories:
- text-classification
- text-generation
size_categories:
- 1K<n<10K
---
# API Vulnerability Dataset (10K)
A dataset of **10,000 API-specific vulnerability samples** used to fine-tune [harsharajkumar273/api-security-qlora](https://huggingface.co/harsharajkumar273/api-security-qlora) — a QLoRA adapter on CodeLlama-7b for automated API security analysis.
## Dataset Summary
Each sample contains a vulnerable or clean API endpoint code snippet paired with a structured security analysis covering vulnerability type, severity, CWE ID, and a remediated version.
## Language & Framework Distribution
| Language | Share | Frameworks |
|---|---|---|
| Python | 46% | Flask, FastAPI, Django |
| JavaScript | 25% | Express.js, NestJS |
| Java | 15% | Spring Boot |
| PHP / Go / Ruby / C# | 14% | Laravel, Gin, Rails, ASP.NET |
## Vulnerability Distribution
| Vulnerability | Samples | CWE |
|---|---|---|
| SQL Injection | 2,425 | CWE-89 |
| Mass Assignment | 1,307 | CWE-915 |
| Path Traversal | 943 | CWE-22 |
| IDOR | 860 | CWE-639 |
| Broken Authorization | 792 | CWE-285 |
| Command Injection | 600 | CWE-78 |
## Severity Breakdown
- **Critical (43%)**: RCE, SQLi, unauthorized admin access
- **High (41%)**: Data leaks, IDOR, authorization bypass
- **Medium / Clean (16%)**: XSS, input validation warnings, baseline clean samples
## Usage
This dataset was used to fine-tune the [api-security-qlora](https://huggingface.co/harsharajkumar273/api-security-qlora) adapter and is also consumed directly by the [API Security Scanner](https://github.com/harsharajkumar/api-security) rules engine.
## Credits
**CS6380 — API Security Project**
Authors: Siddhanth Nilesh Jagtap · Tanuj Kenchannavar · Harsha Raj Kumar
Provider:
harsharajkumar273



