A set of small vulnerable web applications mostly based on NodeJS used for web security seminars @ University of Pavia.
The repository showcases the following attacks:
In addition, basic implementations of HTTP clients can be found here.
A useful resource if you Want to understand what are the major web attacks and how they work, use hacksplaining
Enjoy!