The vulnerabilities included are only those that can (or should be) detectable via automated scanners.
They have been developed to test OWASP ZAP but can be used for any other legitimate purpose.
Each page should contain only one vulnerability, and should be as simple as possible an example.
Only essential links should be included so that automated spidering can be constrained as easily as possible.
See source code for licence details.