Find security holes AI tools left behind.
Free instant scan. Finds exposed Supabase service keys, missing RLS, open Firebase rules, leaked secrets in your JS bundle, and more.
- No signup required
- 400+ checks performed
- BaaS-aware
- Auth-safe (passive)
Scanner coverage
- 70+ vulnerability classes covered
- 250+ passive checks / scan
- 100+ active checks / scan
- 50+ GitHub checks / scan
Compatible with
Scan websites and apps built with AI coding tools.
Deploy from Cursor, Claude Code, Codex, Lovable, Bolt, v0, Replit, and more. FixVibe checks the shipped URL and repo for security gaps AI-generated apps tend to miss.
- Cursor
- Claude Code
- OpenAI Codex
- GitHub Copilot
- Lovable
- Bolt.new
- v0
- Replit Agent
- Windsurf
- Devin
- Google Jules
- Gemini CLI
- Firebase Studio
- Amazon Q Developer
- JetBrains Junie
- Kiro
- Tabnine
- Qodo
- Sourcegraph Amp
- Continue
- Cline
- Roo Code
- Aider
- OpenCode
- Base44
- Anything
- Builder.io Fusion
- Tempo
- Softgen
- Trae
Latest research
New vulnerabilities, every day.
We track newly disclosed CVEs, GHSA advisories, and BaaS misconfiguration patterns that matter to AI-built apps. Public notes explain impact and safe remediation at a high level.
- high · research note
UnrealIRCd SASL Certificate Fingerprint Spoofing Authentication Bypass (CVE-2016-7144)
A vulnerability in the SASL authentication module of UnrealIRCd allows remote attackers to spoof TLS certificate fingerprints. By sending a crafted AUTHENTICATE parameter, an attacker can bypass authentication and log in as another user.
- critical · research note
SQL Injection in GeniXCMS author.control.php (CVE-2017-5517)
GeniXCMS versions up to and including 0.0.8 contain a critical SQL injection vulnerability in the author.control.php component. Remote attackers can exploit it by sending malicious payloads through the 'type' parameter, potentially leading to complete database compromise and unauthorized administrative access.
- medium · research note
SPIP valider_xml.php Cross-Site Scripting (CVE-2016-7981)
A Cross-Site Scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
Current research, practical context, and coverage updates when checks ship.