FixVibe


Changelog

Updates to the FixVibe scan engine: new coverage, safety improvements, and accuracy fixes. Newest entries first.

July 2, 2026

  • [FIXED] Legal-link false positives reduced. Privacy and terms links that appear after client-side rendering now count correctly, so SPA footers are not reported as missing when the links are visible to users.

June 30, 2026

  • [NEW] Label Studio CVE-2025-47783 reflected XSS check. Verified active scans can now flag Label Studio upload-example responses when target-specific label_config evidence shows raw HTML metacharacter reflection, without executing JavaScript, using victim sessions, reading tokens, or storing project data.
  • [NEW] AVideo video-link command-injection dependency advisory check. GitHub repo scans can now flag Composer manifests and lockfiles that resolve wwbn/avideo versions affected by CVE-2023-25313 / GHSA-pgvh-p3g4-86jw, reporting version-based advisory evidence without logging in to AVideo, submitting video-link input, creating videos, delaying requests, running commands, or claiming runtime command execution.
  • [NEW] GL.iNet GL-MT3000 firmware advisory check. Verified active scans can now flag public GL.iNet GL-MT3000 firmware 4.4.5 evidence associated with CVE-2026-11451 / GHSA-rw8j-c4m6-h6r7, reporting version-based advisory context without authenticating to the router, changing FTP settings, writing files, sending command input, or claiming command-execution confirmation.
  • [IMPROVED] Schneider Modicon M221 remote reboot coverage. The existing passive Modicon M221 firmware check now correlates the same strong public HTTP product and firmware-version evidence with CVE-2018-7789 alongside CVE-2018-7790, reporting version-based advisory context without sending reboot probes, querying Modbus, replaying authentication, uploading PLC programs, or claiming exploit confirmation.
  • [NEW] Mbed TLS certificate-validation repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS 3.2.0 through 3.6.0 for CVE-2024-45159, reporting version-based advisory evidence without presenting client certificates, probing TLS handshakes, or claiming authentication-bypass confirmation.
  • [NEW] Oracle Java SE/GraalVM runtime advisory check. GitHub repo scans can now flag explicit Oracle Java SE or Oracle GraalVM Enterprise runtime metadata affected by CVE-2022-21340, reporting version-based advisory evidence without running Java, executing sandboxed code, sending denial-of-service traffic, or claiming runtime exploit confirmation.
  • [NEW] OpenSSL CMS parsing advisory check. GitHub repo scans can now flag affected OpenSSL CMS parsing release-line evidence for CVE-2025-15467, reporting branch-aware source/config evidence without reproducing crashes, denial-of-service behavior, or code execution.
  • [NEW] codfish semantic-release GitHub Action compromise check. GitHub repo scans can now flag workflow YAML that references codfish/semantic-release-action refs associated with the June 2026 compromise, reporting source/config evidence without running GitHub Actions, reading CI secrets, inspecting runners, or claiming credential theft.
  • [NEW] Spring Data Commons property-path advisory check. GitHub repo scans can now flag Maven and Gradle evidence for Spring Data Commons versions affected by CVE-2018-1274 / GHSA-5q8m-mqmx-pxp9, reporting version-based advisory evidence without running the app, probing Spring Data REST endpoints, sending crafted property-path parameters, stressing CPU or memory, or claiming denial-of-service confirmation.
  • [NEW] vm2 Promise species sandbox-breakout advisory check. GitHub repo scans can now flag npm manifest and lockfile evidence for vm2 versions affected by CVE-2026-47208 / GHSA-76w7-j9cq-rx2j, reporting version-based advisory evidence without running the app, executing sandbox-breakout proof-of-concept code, inspecting live workers, or claiming host command execution.
  • [NEW] pyLoad /flashgot dependency advisory check. GitHub repo scans can now flag Python manifest and lockfile evidence for pyload-ng versions affected by CVE-2024-47821 / GHSA-w7hq-f2pj-c53g, reporting version-based advisory evidence without running pyLoad, sending /flashgot requests, changing settings, downloading files, writing script directories, or claiming command execution.
  • [NEW] SAP Cloud SDK for AI Python advisory check. GitHub repo scans can now flag Python manifest and lockfile evidence for sap-ai-sdk-base versions affected by CVE-2023-25617 / GHSA-xxhh-59gh-6ffx, reporting version-based advisory evidence without running Python, connecting to SAP BusinessObjects, scheduling Program Objects, sending command-injection input, or claiming OS command execution.
  • [NEW] Gradio Windows/Python path traversal advisory check. GitHub repo scans can now flag Gradio dependency evidence for CVE-2026-28414 / GHSA-39mp-8hj3-5c49 and raise confidence when repository configuration also points to Windows with Python 3.13+, without requesting Gradio file endpoints, sending traversal input, reading files, or claiming live arbitrary file read.
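The codfish/semantic-release-action entry above and the Claude Code Action workflow entry dated June 14 describe the same kind of static workflow-YAML evidence: an action reference that is either mutable (a tag or branch rather than a commit SHA) or matches a known-bad ref, and a workflow token granted broad write permissions. The following is an added example written for this page, not FixVibe's scanner code. It is line-based rather than a full YAML parser, the sample workflow is constructed, the 40-hex SHA is a placeholder, and the blocklisted ref is a placeholder because the actual compromised refs are not listed on this page; flagging every `<scope>: write` in a permissions mapping is this example's policy choice, not FixVibe's stated rule.

```python
import re
from typing import Dict, List, Set

# A full 40-hex commit SHA is the only immutable form of an action ref;
# tags and branches (v4, main) can be moved after the fact.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# `uses: owner/repo[/path]@ref` on a step line. Local actions (./path) and
# docker:// images carry no owner/repo@ref and are intentionally not matched.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)(/[^@'\"\s]*)?@([^'\"\s]+)"
)
PERM_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")
PERM_BLOCK_RE = re.compile(r"^\s*permissions:\s*$")
SCOPE_WRITE_RE = re.compile(r"^\s*([a-z-]+):\s*write\s*$")

# Placeholder blocklist: the compromised refs are not given on this page, so
# this ref is invented for the example and must be replaced with the
# advisory's real list before use.
BLOCKLISTED_REFS: Dict[str, Set[str]] = {
    "codfish/semantic-release-action": {"v3.5.1-placeholder"},
}


def scan_workflow(text: str) -> List[dict]:
    """Return static findings for one workflow file; nothing is executed."""
    findings: List[dict] = []
    perm_indent = None  # indent of an open `permissions:` mapping, else None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop YAML comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if perm_indent is not None and indent <= perm_indent:
            perm_indent = None  # a dedent closes the permissions mapping

        if PERM_ALL_RE.match(line):
            findings.append({"line": lineno, "kind": "broad-permission", "detail": "write-all"})
            continue
        if PERM_BLOCK_RE.match(line):
            perm_indent = indent
            continue
        if perm_indent is not None:
            m = SCOPE_WRITE_RE.match(line)
            if m:
                findings.append({"line": lineno, "kind": "broad-permission",
                                 "detail": f"{m.group(1)}: write"})
            continue

        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(3)
        if ref in BLOCKLISTED_REFS.get(action, set()):
            findings.append({"line": lineno, "kind": "blocklisted-ref",
                             "detail": f"{action}@{ref}"})
        elif not SHA_RE.match(ref):
            findings.append({"line": lineno, "kind": "mutable-ref",
                             "detail": f"{action}@{ref}"})
    return findings


# Constructed sample workflow; the SHA and the codfish ref are placeholders.
SAMPLE_WORKFLOW = """\
name: release
on: push
permissions:
  contents: write
  id-token: write
jobs:
  release:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: codfish/semantic-release-action@v3.5.1-placeholder
      - uses: ./.github/actions/local
      - run: npm ci
"""

if __name__ == "__main__":
    for finding in scan_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

The only step that passes is the one pinned to a full commit SHA; `actions/checkout@v4` is reported as mutable even though the action itself is trustworthy, because the tag can be repointed, and the placeholder codfish ref is reported as blocklisted rather than merely mutable.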

June 29, 2026

  • [NEW] MISP STIX import source advisory check. GitHub repo scans can now flag the CVE-2018-19908 source pattern in app/Model/Event.php when original STIX filenames flow into shell command construction, reporting source-match evidence without running MISP, importing files, or claiming runtime command execution.
  • [NEW] MindsDB status version advisory coverage. Verified active scans now report MindsDB /api/status version evidence for CVE-2026-27483 when the public status endpoint reports a release before 25.9.1.1. The check is read-only and does not upload files, send traversal filenames, or claim remote-code execution.
  • [NEW] NiceGUI upload filename source advisory check. GitHub repo scans can now flag CVE-2026-25732 when affected NiceGUI dependency evidence appears with upload-handler source that saves paths built from client-supplied filenames, reporting source/dependency evidence without uploading files, writing outside upload directories, or claiming code execution.

June 18, 2026

  • [NEW] SillyTavern SearXNG SSRF check. Verified active scans can now confirm when a SillyTavern SearXNG search proxy fetches a FixVibe-controlled external callback URL, reporting only direct external-fetch evidence and avoiding localhost, cloud metadata, private-network, or internal-service probes.
  • [NEW] Glances unauthenticated API exposure check. Verified active scans can now confirm when the scanned origin exposes Glances REST API identity and metric-shape responses without authentication, recording response shape only and avoiding broad API dumps, process-list, command-line, configuration, or secret collection.
  • [NEW] Spring Data Commons and XMLBeam advisory check. GitHub repo scans can now flag Maven and Gradle evidence where affected Spring Data Commons versions appear with affected XMLBeam versions for CVE-2018-1259 / GHSA-m929-7fr6-cvjg, reporting version-based advisory evidence without running the app, sending XML payloads, probing endpoints, reading local files, or claiming SSRF confirmation.
  • [NEW] Moby AuthZ dependency advisory check. GitHub repo scans can now flag Go module manifests that resolve Moby or Docker Engine versions affected by CVE-2026-34040 / GHSA-x744-4wpc-v9h2, reporting version-based advisory evidence without connecting to Docker APIs, probing AuthZ plugins, sending crafted requests, or claiming authorization-bypass confirmation.
  • [NEW] NGINX rewrite-module config advisory check. GitHub repo scans can now correlate affected NGINX Open Source or NGINX Plus version evidence with rewrite-module configuration evidence for CVE-2026-42945, reporting source/config advisory evidence without running NGINX, sending traffic, crash-testing workers, or claiming memory-corruption proof.
  • [NEW] SQLitePCLRaw NuGet advisory check. GitHub repo scans can now flag .NET project files, packages.config, and packages.lock.json entries that resolve affected SQLitePCLRaw native SQLite packages for CVE-2025-6965 / GHSA-2m69-gcr7-jv3q, reporting version-based advisory evidence without running .NET apps, executing SQL payloads, or claiming memory-corruption proof.
  • [NEW] gemini-mcp-tool dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve gemini-mcp-tool versions affected by CVE-2026-0755 / GHSA-4h5r-5jm8-jxjm, reporting version-based advisory evidence without running the MCP server, sending command or @file probes, triggering callbacks, reading local files, or claiming runtime exploit confirmation.
  • [NEW] Mastra npm scope compromise advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve easy-day-js versions associated with the June 2026 Mastra supply-chain incident, reporting repository dependency evidence without verifying stale npm owner access, running package scripts, inspecting developer hosts, or claiming credential theft.
  • [NEW] Drupal Core SQL-injection advisory check. GitHub repo scans can now flag Composer manifests and lockfiles that resolve Drupal Core versions affected by CVE-2026-9082 / GHSA-ghwc-95x2-682j, reporting version-based advisory evidence without running Drupal, verifying PostgreSQL, sending SQL payloads, extracting data, or claiming runtime exploit confirmation.
  • [NEW] Paramiko SSH-server authentication advisory check. GitHub repo scans can now flag Python dependency files that resolve Paramiko releases affected by CVE-2018-7750 / GHSA-232r-66cg-79px, reporting version-based advisory evidence without starting an SSH server, sending bypass traffic, or claiming deployed server-mode exposure.
  • [NEW] Apache Tomcat HTTP/2 resource-consumption dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat releases affected by CVE-2020-11996 / GHSA-53hp-jpwq-2jgq, reporting version-based advisory evidence without running Tomcat, sending HTTP/2 denial-of-service traffic, generating high-CPU proof traffic, or claiming runtime availability impact.
  • [NEW] @andrei-tatar/nora-firebase-common prototype-pollution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve @andrei-tatar/nora-firebase-common versions affected by CVE-2024-30564 / GHSA-jjff-q3q4-5hh8, reporting version-based advisory evidence without running the package, mutating Object.prototype, sending proof payloads, or claiming runtime exploit confirmation.
  • [NEW] cordova-plugin-inappbrowser Android advisory check. GitHub repo scans can now flag npm manifests, lockfiles, and Cordova config.xml files that resolve cordova-plugin-inappbrowser versions affected by CVE-2019-0219 / GHSA-c6pw-q7f2-97hv, reporting version-based advisory evidence without building mobile binaries, loading proof content, exercising plugin bridge behavior, or claiming deployed Android exploitability.
  • [NEW] Nokogiri libxslt RubyGems advisory check. GitHub repo scans can now flag Gemfile, Gemfile.lock, and gemspec evidence that resolves Nokogiri versions affected by CVE-2019-18197 / GHSA-242x-7cm6-4w8j, reporting version-based advisory evidence without running Ruby, processing XML or XSLT input, crash-testing libxslt, or claiming runtime exploit confirmation.
  • [NEW] Perl GD CPAN advisory check. GitHub repo scans can now flag cpanfile, cpanfile.snapshot, META/MYMETA, Makefile.PL, and Build.PL evidence that resolves the Perl GD module to versions affected by CVE-2026-11526, reporting version-based advisory evidence without running Perl, processing image files, passing crafted filenames to GD::Image constructors, or claiming command-execution/file-overwrite confirmation.
  • [NEW] kill-port-process command-injection advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve kill-port-process versions affected by CVE-2019-15609 / GHSA-xp4x-j9vh-c3wf, reporting version-based advisory evidence without running the package, sending command payloads, terminating processes, or claiming runtime exploit confirmation.
  • [NEW] proxy npm dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve proxy versions affected by CVE-2023-2968 / GHSA-mj6p-3pc9-wf5m, reporting version-based advisory evidence without running proxy, sending crafted request traffic, crash-testing services, or claiming runtime denial-of-service confirmation.
  • [NEW] Apache ActiveMQ Artemis Jolokia dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve org.apache.activemq:artemis-cli versions affected by CVE-2023-50780 / GHSA-443j-grxv-2pgv, reporting version-based advisory evidence without authenticating to Jolokia, enumerating MBeans, changing Log4J2 configuration, writing files, restarting services, or claiming live RCE confirmation.
  • [NEW] Apache ActiveMQ Artemis dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that pin or allow artemis-server versions affected by CVE-2026-27446 / GHSA-fw88-pf9m-p947, reporting version-based advisory evidence without connecting to brokers, triggering federation callbacks, or claiming message injection/exfiltration confirmation.
  • [NEW] Apache Spark UI dependency advisory check. GitHub repo scans can now flag Maven, Gradle, and PySpark dependency files that pin or allow Apache Spark versions affected by CVE-2022-33891 / GHSA-4x9r-j582-cgr8, reporting version-based advisory evidence without visiting Spark UI, sending active exploit probes, or claiming command-execution confirmation.
  • [NEW] vLLM pickle-deserialization dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow vllm versions affected by CVE-2024-9053 / GHSA-cj47-qj6g-x7r4, reporting version-based advisory evidence without running vLLM, exposing AsyncEngineRPCServer, sending pickle payloads, or claiming runtime code-execution confirmation.
  • [NEW] Apache Airflow example-DAG dependency advisory check. GitHub repo scans can now flag Python dependency files that resolve Apache Airflow 2.10.0 or the affected 2.10.1 release candidate for CVE-2024-45498 / GHSA-c392-whpc-vfpr, reporting version-based advisory evidence without probing Airflow UI, triggering DAGs, or claiming command-execution confirmation.
  • [NEW] ONNX download_model_with_test_data advisory check. GitHub repo scans can now flag Python dependency files that pin or allow onnx versions affected by CVE-2024-5187 / GHSA-6rq9-53c3-f7vj and add repository source-call context when download_model_with_test_data appears, reporting dependency/source evidence without running Python, downloading or extracting model archives, creating malicious tar files, overwriting files, or claiming runtime exploit confirmation.
  • [NEW] YOURLS type-juggling dependency advisory check. GitHub repo scans can now flag Composer and YOURLS source-version evidence for yourls/yourls releases affected by CVE-2019-14537 / GHSA-vf23-f26f-mjj9, reporting version-based advisory evidence without calling the YOURLS API, sending authentication-bypass requests, probing admin pages, or claiming unauthorized access.
  • [NEW] http4k-format-xml dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve org.http4k:http4k-format-xml versions affected by CVE-2024-55875 / GHSA-7mj5-hjjj-8rgw, reporting version-based advisory evidence without sending XML payloads, SSRF callbacks, local-file reads, or denial-of-service traffic.

June 14, 2026

  • [FIXED] DOM XSS fragment probe stability fix. Verified active scans now skip the DOM fragment probe cleanly when browser automation is unavailable at startup, so reports no longer show internal browser-context errors for that check.
  • [IMPROVED] Expanded Red Hat npm worm coverage. GitHub repo scans now include additional Wiz-reported @redhat-cloud-services package versions for the Miasma campaign, while still reporting repository dependency evidence without installing packages, executing lifecycle scripts, or claiming credential theft.
  • [NEW] Known npm typosquat package check. GitHub repo scans can now flag package manifests and lockfiles that resolve Microsoft-reported vpmdhaj npm typosquat package versions, reporting version-based advisory evidence without installing packages, executing lifecycle scripts, fetching tarballs, contacting attacker infrastructure, or claiming credential theft.
  • [NEW] Codex Remote UI token-stealing npm package check. GitHub repo scans can now flag package manifests and lockfiles that resolve codexui-android 0.1.82 or newer, reporting version-based advisory evidence without installing the package, executing it, reading Codex auth files, contacting exfiltration infrastructure, or claiming token theft.
  • [NEW] Claude Code GitHub Action workflow repo check. GitHub repo scans can now flag Claude Code Action workflows with mutable action refs, broad workflow token permissions, or risky access override inputs, reporting workflow YAML evidence without running Actions, executing Claude Code, reading CI secrets, or claiming prompt-injection exploitation.
  • [NEW] onering Rust crate malware repo check. GitHub repo scans can now flag Cargo manifests or lockfiles that resolve onering 1.4.1 or the known compromised onering git commit, and can flag matching checked-in build.rs evidence, without running Cargo, executing build scripts, fetching crates, or claiming source exfiltration.
  • [NEW] Node-gyp / Phantom Gyp npm worm repo check. GitHub repo scans can now flag package manifests or lockfiles that resolve known malicious npm package versions from the binding.gyp supply-chain campaign, or flag matching binding.gyp source evidence, without running npm install, executing node-gyp, downloading tarballs, or claiming credential theft.
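Most of the npm entries on this page ("flag package manifests and lockfiles that resolve ... versions") share one mechanic: walk the lockfile, compare each resolved version against an advisory's affected set, and report the match as evidence without installing or executing anything. The following added example (written for this page, not FixVibe's code) implements that for npm package-lock.json in both the lockfileVersion 1 nested form and the lockfileVersion 2/3 flat "packages" form, using the two affected sets this page states explicitly: codexui-android 0.1.82 or newer (the entry above) and the @tanstack/arktype-adapter malicious versions 1.166.12 and 1.166.15 (CVE-2026-45321, listed under June 11). The lockfiles are constructed, the package named example-lib is invented, and resolved "versions" that are not semver (file: or git references) are skipped rather than guessed.

```python
import json
import re
from typing import Callable, Iterator, List, Tuple

SEMVER_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_semver(version: str) -> tuple:
    """Sortable key (major, minor, patch, is_release, prerelease_ids); raises on non-semver."""
    m = SEMVER_RE.match(version.strip())
    if not m:
        raise ValueError(f"not a semver version: {version!r}")
    major, minor, patch, pre = m.groups()
    # Numeric pre-release identifiers sort before alphanumeric ones (semver rule 11).
    ids = tuple((0, int(p)) if p.isdigit() else (1, p) for p in (pre.split(".") if pre else ()))
    # A release sorts after any pre-release of the same x.y.z.
    return (int(major), int(minor), int(patch), 0 if pre else 1, ids)


def exact(*versions: str) -> Callable[[str], bool]:
    affected = {parse_semver(v) for v in versions}
    return lambda v: parse_semver(v) in affected


def at_least(floor: str) -> Callable[[str], bool]:
    low = parse_semver(floor)
    return lambda v: parse_semver(v) >= low


# (package name, advisory label, predicate over a resolved version string)
ADVISORIES: List[Tuple[str, str, Callable[[str], bool]]] = [
    ("@tanstack/arktype-adapter",
     "CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx malicious versions",
     exact("1.166.12", "1.166.15")),
    ("codexui-android",
     "Codex Remote UI token-stealing package (0.1.82 and newer)",
     at_least("0.1.82")),
]


def iter_resolved(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (package name, resolved version) for every entry in a package-lock.json."""
    packages = lock.get("packages")
    if isinstance(packages, dict):  # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in packages.items():
            if not path or not isinstance(meta, dict):
                continue  # "" is the root project itself
            name = meta.get("name") or path.split("node_modules/")[-1]
            if meta.get("version"):
                yield name, meta["version"]
        return
    stack = [lock.get("dependencies") or {}]  # lockfileVersion 1: nested tree
    while stack:
        for name, meta in stack.pop().items():
            if not isinstance(meta, dict):
                continue
            if meta.get("version"):
                yield name, meta["version"]
            if isinstance(meta.get("dependencies"), dict):
                stack.append(meta["dependencies"])


def scan_lockfile(text: str) -> List[dict]:
    """Match resolved versions against ADVISORIES; nothing is fetched or installed."""
    findings: List[dict] = []
    for name, version in iter_resolved(json.loads(text)):
        for package, label, affected in ADVISORIES:
            if package != name:
                continue
            try:
                hit = affected(version)
            except ValueError:
                continue  # file:/git "versions" are not comparable; leave them unreported
            if hit:
                findings.append({"package": name, "version": version, "advisory": label})
    return findings


# Constructed sample lockfiles (example-lib is an invented package).
SAMPLE_LOCK_V3 = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/@tanstack/arktype-adapter": {"version": "1.166.12"},
        "node_modules/@tanstack/react-form": {"version": "1.166.12"},
        "node_modules/codexui-android": {"version": "0.1.90"},
        "node_modules/a/node_modules/codexui-android": {"version": "0.1.81"},
        "node_modules/b/node_modules/codexui-android": {"version": "file:../vendored"},
        "node_modules/example-lib": {"version": "2.3.4"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "codexui-android": {
            "version": "0.1.82",
            "dependencies": {"@tanstack/arktype-adapter": {"version": "1.166.15"}},
        },
        "example-lib": {"version": "2.3.4"},
    },
})

if __name__ == "__main__":
    for finding in scan_lockfile(SAMPLE_LOCK_V3) + scan_lockfile(SAMPLE_LOCK_V1):
        print(finding)
```

Nested copies under another package's node_modules are walked too, which is where a transitive pull of a bad version usually hides; the same package at 0.1.81 is correctly left alone because it sits below the floor.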

June 11, 2026

  • [IMPROVED] Moxa NPort authentication advisory coverage. The existing verified-active Moxa NPort firmware check now correlates the same strong HTTP model and firmware evidence with CVE-2016-9361 as part of the MCSA-160401 advisory family, while still reporting a version-based advisory without attempting password retries, brute-force checks, firmware uploads, unauthenticated administrative actions, SNMP queries, serial-device protocol probes, crash tests, or exploit confirmation.
  • [IMPROVED] Moxa NPort unauthenticated firmware-update advisory coverage. The existing verified-active Moxa NPort firmware check now correlates the same strong HTTP model and firmware evidence with CVE-2016-9369 as part of the MCSA-160401 advisory family, while still reporting a version-based advisory without attempting firmware uploads, unauthenticated administrative actions, SNMP queries, serial-device protocol probes, crash tests, or exploit confirmation.
  • [NEW] Schneider Modicon M221 firmware advisory check. Passive scans can now flag strong public HTTP product and firmware-version evidence for Modicon M221 controllers associated with CVE-2018-7790, reporting version-based advisory context without capturing credentials, replaying authentication, querying Modbus, uploading PLC programs, or claiming unauthorized-access confirmation.
  • [NEW] Langflow CVE-2025-34291 CORS advisory check. Verified active scans can now flag affected Langflow instances when target-specific version evidence is paired with credentialed CORS origin reflection, without authenticating, reading tokens, triggering refresh flows, or claiming code-execution confirmation.
  • [NEW] SiteOmat BOS version advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14728 as a version-based advisory, without attempting default credentials, SSH login, broad port scans, state-changing management actions, or unauthorized access.
  • [NEW] SiteOmat login SQL injection advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14851 as a version-based advisory, without submitting login forms, sending SQL injection payloads, attempting authentication bypass, accessing post-login pages, or making state-changing management requests.
  • [NEW] SiteOmat CGI buffer-overflow advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14854 as a version-based advisory, without sending crafted CGI input, overflow payloads, crash tests, broad port scans, state-changing management actions, or exploit requests.
  • [NEW] Kubernetes externalIPs manifest advisory check. GitHub repo scans can now flag Kubernetes Service manifests that declare non-empty spec.externalIPs as source/config hardening evidence for CVE-2020-8554, without inspecting live clusters, checking RBAC, sending traffic, or claiming traffic interception.
  • [NEW] Apache Tomcat EncryptInterceptor dependency advisory check. GitHub repo scans can now flag Maven and Gradle files that resolve exact Tomcat releases associated with CVE-2026-34486 / GHSA-69r9-qgr7-g2wj, reporting version-based advisory evidence without running Tomcat, inspecting cluster traffic, sending crafted Tribes packets, or claiming plaintext-disclosure confirmation.
  • [NEW] Apache Tomcat h2c request mix-up dependency advisory check. GitHub repo scans can now flag Maven and Gradle files that resolve Tomcat embedded-core or Coyote versions affected by CVE-2021-25122 / GHSA-j39c-c8hj-x4j3, reporting version-based advisory evidence without running Tomcat, sending h2c upgrade requests, capturing traffic, or claiming information-disclosure confirmation.
  • [NEW] PickleScan ZIP CRC dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow PickleScan versions affected by CVE-2025-10156 / GHSA-mjqp-26hc-grxg, reporting version-based advisory evidence without running PickleScan, creating corrupted archives, loading models, or claiming runtime code-execution confirmation.
  • [NEW] NLTK Zip Slip dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow NLTK versions affected by CVE-2025-14009 / GHSA-7p94-766c-hgjp, reporting version-based advisory evidence without running Python or NLTK, calling nltk.download(), extracting packages, creating malicious archives, or claiming runtime code-execution confirmation.
  • [NEW] TanStack ArkType adapter malware dependency check. GitHub repo scans can now flag package manifests and lockfiles that resolve @tanstack/arktype-adapter to malicious versions 1.166.12 or 1.166.15 from CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx, reporting version-based advisory evidence without running npm install, executing lifecycle scripts, downloading tarballs, or claiming credential theft.
  • [NEW] Mbed TLS CVE-2021-44732 repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS versions affected by CVE-2021-44732, reporting version-based advisory evidence without running Mbed TLS, forcing out-of-memory behavior, calling session-copy APIs, or claiming live double-free confirmation.
  • [NEW] IIS TRACK method exposure check. Verified active scans can now flag legacy TRACK echo behavior associated with CVE-2003-1567 using non-sensitive request evidence, without sending cookies, credentials, browser exploit pages, user traffic, or state-changing requests.
  • [NEW] Red Hat npm worm dependency advisory check. GitHub repo scans can now flag package manifests and lockfiles that resolve known compromised @redhat-cloud-services npm versions associated with the credential-stealing worm campaign, reporting dependency evidence without executing install scripts or claiming credential theft.
  • [NEW] DICOM executable preamble check. GitHub repo scans can now flag committed DICOM files whose Part 10 preamble carries executable-file evidence, reporting static file evidence without executing the file or claiming production compromise.
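The Kubernetes externalIPs entry above is a pure manifest check: a Service whose spec.externalIPs is a non-empty list is hardening evidence for the CVE-2020-8554 advisory, while an absent, null, or empty list is not, and the Service type does not matter because the field is honoured on ClusterIP services too. The following added example (written for this page, not FixVibe's code) implements that check over parsed manifest objects, unwrapping kind: List wrappers, and loads JSON-format manifests with the standard library. YAML manifests would need a YAML loader such as PyYAML's safe_load_all first; that step is assumed and left out so the example has no dependencies. The manifests and the 203.0.113.0/24 documentation address are constructed.

```python
import json
from typing import Any, Dict, Iterable, Iterator, List


def iter_objects(doc: Any) -> Iterator[Dict[str, Any]]:
    """Yield each API object in a manifest, descending into kind: List / *List wrappers."""
    if not isinstance(doc, dict):
        return
    if str(doc.get("kind", "")).endswith("List") and isinstance(doc.get("items"), list):
        for item in doc["items"]:
            yield from iter_objects(item)
    else:
        yield doc


def external_ip_findings(docs: Iterable[Any]) -> List[dict]:
    """Report every Service that declares a non-empty spec.externalIPs."""
    findings: List[dict] = []
    for doc in docs:
        for obj in iter_objects(doc):
            if obj.get("kind") != "Service":
                continue
            spec = obj.get("spec") or {}
            ips = spec.get("externalIPs")
            if not isinstance(ips, list) or not ips:
                continue  # absent, null, or [] is not evidence
            meta = obj.get("metadata") or {}
            findings.append({
                "namespace": meta.get("namespace", "default"),
                "name": meta.get("name"),
                "type": spec.get("type", "ClusterIP"),
                "externalIPs": [str(ip) for ip in ips],
            })
    return findings


def scan_json_manifests(texts: Iterable[str]) -> List[dict]:
    """Convenience wrapper for JSON-format manifests (one object or List per file)."""
    return external_ip_findings(json.loads(t) for t in texts)


# Constructed sample manifests; 203.0.113.10 is a documentation-range address.
SAMPLE_MANIFESTS = [
    json.dumps({
        "apiVersion": "v1", "kind": "List",
        "items": [
            {"apiVersion": "v1", "kind": "Service",
             "metadata": {"name": "payments", "namespace": "shop"},
             "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"],
                      "ports": [{"port": 443}]}},
            {"apiVersion": "v1", "kind": "Service",
             "metadata": {"name": "web"},
             "spec": {"type": "LoadBalancer", "externalIPs": [],
                      "ports": [{"port": 80}]}},
            {"apiVersion": "apps/v1", "kind": "Deployment",
             "metadata": {"name": "web"}, "spec": {"replicas": 2}},
        ],
    }),
    json.dumps({"apiVersion": "v1", "kind": "Service",
                "metadata": {"name": "api", "namespace": "shop"},
                "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}}),
]

if __name__ == "__main__":
    for finding in scan_json_manifests(SAMPLE_MANIFESTS):
        print(finding)
```

Only shop/payments is reported: web declares the field but leaves it empty, api omits it, and the Deployment is not a Service. Because externalIPs lets any Service claim traffic for an arbitrary address, the usual remediation is to remove the field or restrict it at admission, and the finding is evidence that the repository has not done so, not proof of interception.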

June 10, 2026

  • [NEW] Mbed TLS CVE-2023-45199 repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS 3.2.x through 3.4.x, reporting version-based advisory evidence without sending TLS handshake payloads or claiming live memory corruption.
  • [NEW] Rockwell MicroLogix 1100 advisory fingerprint. Passive scans can now flag strong public HTTP evidence of a Rockwell Automation MicroLogix 1100 controller associated with CVE-2021-33012, reporting advisory context without sending industrial protocol commands or claiming denial-of-service behavior.
  • [NEW] Moxa NPort firmware advisory check. Verified active scans can now flag public HTTP model and firmware-version evidence for Moxa NPort devices associated with CVE-2016-9363, reporting version-based advisory context without sending crafted packets, querying SNMP, testing serial-device services, or claiming exploit confirmation.
  • [NEW] Rockwell MicroLogix 1100 authentication-attempt advisory check. Verified active scans can now flag public HTTP model and firmware evidence for MicroLogix 1100 controllers associated with CVE-2017-7898, reporting version-based advisory context without attempting logins, brute force, or industrial protocol probes.
  • [NEW] Log4j 1.2 JDBCAppender advisory check. GitHub repo scans can now flag Log4j 1.2 dependency evidence paired with JDBCAppender SQL configuration for CVE-2022-23305 / GHSA-65fg-84f6-3jq3, reporting repository/config evidence without executing SQL, writing log events, or claiming runtime database compromise.
  • [NEW] Log4j 1.2 JMSAppender advisory check. GitHub repo scans can now flag Log4j 1.2 dependency evidence paired with JMSAppender configuration for CVE-2021-4104 / GHSA-fp5r-v3w9-4333, reporting repository/config evidence without contacting JNDI or JMS services or claiming runtime exploit confirmation.
  • [NEW] Microsoft ATL MS09-035 source advisory check. GitHub repo scans can now flag legacy Visual C++ ATL project metadata paired with ATL source usage associated with CVE-2009-0901 / CVE-2009-2493 / CVE-2009-2495, reporting source/build advisory evidence without inspecting build machines, sending malformed streams, probing information disclosure, or claiming live code-execution confirmation.
  • [NEW] Langflow CVE-2026-33017 version advisory check. Verified active scans can now flag public Langflow version evidence for CVE-2026-33017 / GHSA-vwmf-pq79-vjvx as a version-based advisory, without submitting flow data, building flows, executing code, or claiming public-flow exploit confirmation.
  • [NEW] Keras CVE-2025-1550 dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow Keras versions affected by CVE-2025-1550 / GHSA-48g7-3x6r-xfhp, reporting version-based advisory evidence without loading model archives, generating payloads, or claiming runtime code-execution confirmation.
  • [NEW] TLS RC4 negotiation advisory check. Verified active scans can now flag TLS endpoints that still select RC4 cipher suites associated with CVE-2015-2808, reporting confirmed RC4 support without capturing traffic or claiming plaintext recovery.
  • [NEW] TLS Sweet32 DES/3DES advisory check. Verified active scans can now flag TLS endpoints that still select DES or 3DES 64-bit block cipher suites associated with CVE-2016-2183, reporting confirmed cipher negotiation without capturing traffic or claiming plaintext recovery.
  • [NEW] Schneider PowerLogic EGX advisory check. Verified active scans can now flag public PowerLogic EGX100 firmware or EGX300 product evidence associated with CVE-2021-22765 / CVE-2021-22767 / CVE-2021-22768, reporting product/firmware advisory context without sending crafted HTTP packets, querying industrial protocols, crash-testing gateways, or claiming exploit confirmation.

May 27, 2026

  • [NEW] Arcserve UDP CVE-2025-34523 version advisory check. Verified active scans can now flag public Arcserve UDP version evidence for CVE-2025-34523 as a version-based advisory, without sending crafted heap-overflow input, crash-testing the service, authenticating to the console, or claiming command execution.
  • [NEW] Liferay Portal CVE-2010-5327 version advisory check. Verified active scans can now flag public Liferay Portal version evidence for CVE-2010-5327 as a version-based advisory, without authenticating, editing templates, sending template payloads, or claiming command execution.
  • [NEW] ws excessive-header DoS dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve ws versions affected by CVE-2024-37890 / GHSA-3h5v-q93c-6h6q, reporting version-based advisory evidence without sending denial-of-service traffic or claiming runtime WebSocket exposure.

May 25, 2026

  • [IMPROVED] SPIP version advisory wording. Passive SPIP version findings now distinguish version-fingerprint advisory evidence for CVE-2016-7980 and CVE-2016-7998 from runtime exploit proof, without reproducing the CSRF, local-file validation, or template-execution behavior.
  • [FIXED] Active scan reliability and SSTI accuracy fix. Active scans now safely store response-derived evidence that contains unsupported control characters, and SSTI reporting requires stronger target-specific template-evaluation evidence instead of common page or static-asset content.

May 24, 2026

  • [NEW] WebdriverIO BrowserStack service dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve @wdio/browserstack-service versions affected by CVE-2026-25244 / GHSA-5c46-x3qw-q7j7, reporting version-based advisory evidence without running WebdriverIO, starting BrowserStack Local, or using command payloads.
  • [NEW] WordPress REST API user-exposure check. Verified active scans can now report WordPress REST users endpoints that return public user slugs to unauthenticated clients, with medium-severity exposure wording that does not claim WordPress version proof or account compromise.
  • [NEW] Django CSRF dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow Django versions affected by CVE-2011-0696 / GHSA-5j2h-h5hg-3wf8, reporting version-based advisory evidence without running Django, probing state-changing routes, or claiming runtime CSRF exploitability.
  • [NEW] TMT Lockcell SQL injection active check. Verified active scans can now report TMT Lockcell login surfaces whose responses change consistently with CVE-2023-3047, using a bounded login-response comparison that does not run timing delays, follow authenticated redirects, or extract database data.
  • [NEW] OpenSSL PowerPC Poly1305 advisory check. GitHub repo scans can now correlate affected OpenSSL 3.x version evidence with PowerPC build/deployment evidence for CVE-2023-6129, reporting version-and-architecture advisory evidence without reproducing state corruption or denial-of-service behavior.

May 23, 2026

  • [NEW] electerm unauthorized command-execution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow electerm versions affected by CVE-2020-23256 / GHSA-x73w-g8hx-v7rp, reporting the result as a version-based advisory without probing or starting the electerm service.
  • [NEW] SaltStack Salt dependency advisory check. GitHub repo scans can now flag Python dependency evidence for Salt versions affected by CVE-2017-12791 / GHSA-xxvj-8g5m-4qgw, reporting it as a version-based advisory without probing Salt master handshakes.
  • [NEW] rclone RC fsinfo exposure check. Verified active scans can now confirm unauthenticated rclone Remote Control fsinfo exposure associated with CVE-2026-41179 / GHSA-jfwf-28xr-xw6q, using bounded metadata evidence without command execution.
  • [NEW] Apache Tomcat session-persistence advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat versions affected by CVE-2020-9484 / GHSA-344f-f5vg-2jfj, and strengthen the finding when repo configuration also shows FileStore-backed PersistentManager session persistence.
  • [NEW] Note Mark dependency advisory check. GitHub repo scans can now flag Go manifests that resolve Note Mark backend versions affected by CVE-2026-44522 / GHSA-g49p-4qxj-88v3, reporting the result as a version-based advisory without uploading files, triggering exports, or claiming live RCE confirmation.

May 20, 2026

  • NEW Gogs dependency advisory check. GitHub repo scans can now flag Go manifests that pin affected Gogs versions for CVE-2018-20303 / GHSA-9hxg-w7qf-hh93, with version-based advisory evidence rather than path-traversal confirmation.
  • NEW deephas prototype-pollution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve deephas versions affected by CVE-2020-28271 / GHSA-4fr2-j4g9-mppf, with version-based advisory evidence rather than runtime prototype-pollution confirmation.
  • NEW OpenSSL TLSv1.3 session advisory check. GitHub repo scans can now correlate affected OpenSSL version evidence with TLSv1.3 session-configuration evidence for CVE-2024-2511, reporting medium-confidence source/config evidence rather than live denial-of-service confirmation.

May 19, 2026

  • IMPROVED electerm Linux install-script coverage. The electerm dependency advisory now includes CVE-2026-41501 / GHSA-8x35-hph8-37hq alongside the existing macOS install-script advisory, keeping the finding scoped to npm manifest and lockfile evidence rather than exploit confirmation.
  • NEW GeniXCMS author-route SQL injection check. Verified active scans can now confirm CVE-2017-5517-style database error behavior on GeniXCMS author routes with target-specific evidence, without data extraction or destructive SQL probes.
  • NEW Netmaker DNS key authorization-bypass check. Verified active scans can now confirm CVE-2023-32077 exposure on Netmaker deployments when the read-only DNS API denies the baseline request but returns DNS record evidence through the legacy DNS authorization path, without creating, modifying, or deleting records.
  • NEW openDCIM source command-injection check. GitHub repo scans can now flag the CVE-2026-28517 source/config pattern in report_network_map.php with source-match evidence, confidence, and runtime-exploitability limits instead of active command execution.
  • NEW SPIP valider_xml XSS check. Verified active scans can now confirm CVE-2016-7981-style unescaped URL reflection on SPIP deployments with target-specific HTML-context evidence, without executing JavaScript in a browser.
  • NEW Apache Tomcat Coyote dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat Coyote or embedded-core versions affected by CVE-2025-48989 / GHSA-gqp3-2cvr-x8m3, with version-based advisory evidence rather than runtime denial-of-service confirmation.
  • NEW veraPDF XSLT dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve veraPDF artifacts affected by CVE-2024-28109 / GHSA-qxqf-2mfx-x8jw, with version-based advisory evidence rather than XSLT execution confirmation.

May 18, 2026

  • NEW electerm dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow electerm versions affected by CVE-2026-41500 / GHSA-wxw2-rwmh-vr8f and CVE-2026-41501 / GHSA-8x35-hph8-37hq, with version-based advisory evidence rather than exploit confirmation.
  • NEW OpenCms dependency advisory check. GitHub repo scans can now flag Maven pom.xml files that pin or resolve org.opencms:opencms-core versions affected by CVE-2023-42344 / GHSA-rcc6-6q2f-m2cw, with version-based advisory evidence rather than XXE exploit confirmation.
  • NEW MagicMirror /cors SSRF check. Verified active scans can now confirm CVE-2026-42281 exposure on MagicMirror instances when the unauthenticated /cors endpoint fetches a FixVibe-controlled external callback, without probing internal services.

May 17, 2026

  • NEW FUXA hardcoded JWT secret check. Verified active scans can now confirm CVE-2025-69971 exposure on FUXA instances that still trust the vulnerable fallback JWT signing configuration.
  • NEW CKAN DataStore SQL exposure check. Verified active scans can now confirm unauthenticated CKAN DataStore SQL access associated with CVE-2026-42031 and guide teams to patched CKAN release lines or safer DataStore configuration.

May 16, 2026

  • NEW PDF.js dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow pdfjs-dist versions affected by CVE-2024-4367 / GHSA-wgrm-67xf-hhpq.
  • NEW Active scans via REST API and MCP. Active scans can now be triggered from REST and MCP against verified domains that have been explicitly authorized from the dashboard. Authorization is revocable at any time.
  • NEW Safer authorization levels for active scans. Domain authorization now distinguishes safer automated active checks from deeper active testing, so teams can automate the right level of verification for each domain.
  • NEW First-use webhook for API/MCP active scans. A webhook can notify teams the first time an API/MCP-triggered active scan runs against a newly authorized domain.
  • IMPROVED Referrer-Policy findings improved. Missing or weak Referrer-Policy findings now distinguish URL-referrer leakage from broader information exposure, include document-response evidence, and provide generic plus static-host fix guidance.
  • IMPROVED Permissions-Policy findings improved. Missing or weak Permissions-Policy findings now include feature-level evidence, distinguish broad feature allowlists from missing hardening, and provide generic plus static-host fix guidance for Vercel, Netlify, Cloudflare Pages, proxies, and app servers.
  • IMPROVED Clickjacking header prompts improved. Missing X-Frame-Options findings now explain that CSP frame-ancestors is the modern control, include Vercel/static SPA header guidance, and verify x-frame-options alongside CSP.
  • IMPROVED CSP header evidence and fix prompts improved. Missing-CSP reports now include clearer hosting and response context plus safer framework-aware remediation guidance.
  • FIXED Vercel path-probe false positives reduced. FixVibe now requires stronger application-specific evidence before reporting exposed framework artifacts on deployments that rewrite unknown routes to the app shell.
  • FIXED Compliance findings no longer carry misleading CWE tags. The legal-compliance check previously tagged "missing privacy policy" and "missing terms of service" findings with CWE-359 (PII exposure), which doesn't describe the actual gap. Those findings now ship without a CWE — they're compliance/governance items, not classifiable security weaknesses.

May 15, 2026

  • NEW Additional research-informed checks. FixVibe shipped more coverage based on recent vulnerability research and mapped duplicate topics to existing scanner modules where coverage already existed.
  • NEW Repository secret leak check. GitHub repo scans can now flag hardcoded provider keys and high-entropy secret-like values committed to source, with evidence masked and the standard FixVibe rotation prompt included.
  • NEW Vercel deployment protection check. Passive scans can now flag public *.vercel.app generated deployment URLs that respond without Vercel Deployment Protection, while existing header checks continue to audit CSP, HSTS, and browser hardening.

May 14, 2026

  • NEW LiteLLM dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow LiteLLM versions affected by CVE-2026-42208 / GHSA-r75f-5x8p-qvmc.
  • NEW LibreNMS dependency advisory check. GitHub repo scans can now flag Composer manifests that pin or allow LibreNMS versions affected by CVE-2024-51092 / GHSA-x645-6pf9-xwxw.
  • IMPROVED Firebase rules detection improved. BaaS scans now detect more Firebase app shapes and use read-only evidence to identify risky public data exposure.

May 13, 2026

  • NEW Repo Supabase RLS migration check. GitHub repo scans can now flag Supabase SQL migrations that create public tables without a matching ALTER TABLE ... ENABLE ROW LEVEL SECURITY statement.
  • NEW Supabase Storage posture check. Passive scans can now review public Supabase Storage buckets and anonymous object-listing exposure alongside existing RLS and key checks.
  • NEW AI-generated code guardrail check. GitHub repo scans can now flag missing security automation around code scanning, secret scanning, dependency updates, and AI-agent instructions.
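As an added illustration of the Supabase RLS migration check above (example code written for this page, not FixVibe's scanner), the script below collects the public-schema tables created across a set of migration files and reports those that no migration later enables row level security on. The regexes, file names and sample migrations are constructed for the example; a real scanner would use a proper SQL parser.

```python
import re

# Added illustration, not FixVibe's scanner: flag public-schema tables created in
# Supabase SQL migrations that no migration ever enables row level security on.
# Supabase serves every public table through PostgREST, so a table without RLS
# is reachable with the anon key.

IDENT = r'"?(?P<{0}>[A-Za-z_][A-Za-z0-9_]*)"?'  # optionally quoted identifier
QUAL = r"(?:" + IDENT.format("schema") + r"\.)?" + IDENT.format("name")
CREATE_RE = re.compile(
    r"\bCREATE\s+(?:UNLOGGED\s+)?TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?" + QUAL, re.I)
RLS_RE = re.compile(
    r"\bALTER\s+TABLE\s+(?:ONLY\s+)?" + QUAL + r"\s+ENABLE\s+ROW\s+LEVEL\s+SECURITY\b", re.I)

def strip_sql_comments(sql):
    """Drop /* */ and -- comments so a commented-out ALTER does not count."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", " ", sql)

def is_public(m):
    """Unqualified names resolve to public on Supabase's default search_path."""
    return (m.group("schema") or "public").lower() == "public"

def public_tables_without_rls(migrations):
    """migrations: {path: sql}. Returns [(table, creating_path)] sorted by table."""
    created, enabled = {}, set()
    for path, sql in migrations.items():
        sql = strip_sql_comments(sql)
        for m in CREATE_RE.finditer(sql):
            if is_public(m):
                created.setdefault(m.group("name").lower(), path)
        for m in RLS_RE.finditer(sql):
            if is_public(m):
                enabled.add(m.group("name").lower())
    return [(t, p) for t, p in sorted(created.items()) if t not in enabled]

# Constructed sample migrations for a hypothetical project.
SAMPLE_MIGRATIONS = {
    "0001_init.sql": """
        create table public.profiles (id uuid primary key, email text);
        alter table public.profiles enable row level security;
        CREATE TABLE IF NOT EXISTS orders (id serial primary key, total numeric);
        -- alter table orders enable row level security;   (never applied)
    """,
    "0002_audit.sql": """
        CREATE TABLE audit.events (id bigserial primary key);  -- not public, ignored
        CREATE TABLE "public"."invoices" (id serial primary key);
    """,
    "0003_fix.sql": 'ALTER TABLE ONLY "invoices" ENABLE ROW LEVEL SECURITY;',
}
```

Running `public_tables_without_rls(SAMPLE_MIGRATIONS)` reports only `orders`: `profiles` and `invoices` get RLS enabled (the latter in a later file), the commented-out ALTER is ignored, and `audit.events` is outside the public schema.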

May 12, 2026

  • NEW Repo web-app risk checklist. GitHub repo scans can now flag high-confidence OWASP-style code risks such as raw SQL interpolation, unsafe HTML sinks, credentialed wildcard CORS, disabled TLS verification, and weak JWT secret fallbacks.
  • NEW Next.js middleware-bypass check. Active scans for verified domains can now confirm CVE-2025-29927 exposure on middleware-protected routes before reporting it, and reports include the standard FixVibe AI fix prompt for remediation.

May 9, 2026

  • SECURITY Cross-origin scope hardening. Active scans and client-asset checks now stay within the authorized target scope and avoid carrying customer-provided credentials across cross-origin redirects.
  • FIXED Supabase RLS check is now strictly read-only. Supabase posture checks now avoid write attempts and focus on safe exposure signals. Verified-domain active testing remains the boundary for deeper confirmation.
  • IMPROVED Security-header findings only apply to root HTML responses. Missing CSP, Permissions-Policy, X-Frame-Options, or Referrer-Policy on a 204, JSON API, file download, or 404 no longer produces a finding. HSTS and X-Content-Type-Options still grade across all responses.
  • IMPROVED Auth-flow and rate-limit checks now require stronger evidence. FixVibe now reports these issues only when the application behavior clearly supports the finding, reducing noise from generic error pages and unsupported methods.
  • IMPROVED File-upload findings tier by exploitability evidence. File-upload reports now separate low-confidence acceptance signals from stronger evidence of risky serving behavior, reducing over-severity on benign upload handlers.

May 7, 2026

  • FIXED Threat-intel listing accuracy improved. FixVibe now distinguishes real blocklist evidence from resolver diagnostics so threat-intel findings do not over-report on infrastructure-side lookup responses.
  • NEW GitHub repo scans. Connect a repo and FixVibe checks the source for leaked Supabase service keys, Firebase admin tokens, risky workflow files, and outdated dependencies — without ever loading your deployed site. See Scan types.
  • NEW SAST checks for risky JavaScript. Repo scans now flag new Function() and setTimeout("string") — both equivalent to eval() when fed untrusted input.
  • FIXED False "exposed file" findings on Vercel / Cloudflare sites. Bare 403 Forbidden responses are no longer reported as "file exists" — most edge providers return 403 for suspicious-looking paths whether the file is there or not. We now require a positive HTTP signal before flagging.
  • FIXED Repo-code false positives reduced. Repo scans now avoid flagging security terms in comments, documentation, test helpers, and clearly server-only contexts for several high-signal code checks.
  • FIXED Supabase anon key in localStorage no longer reports as a JWT-in-storage finding — the anon key is the publicly-intended client token. Real service-role tokens in browser storage are now critical with a clearer title.
  • FIXED CSP weakness detection improved. Content-Security-Policy checks now catch more permissive source policies while keeping evidence and remediation focused on the effective browser policy.
  • FIXED Reflected-XSS check tightened. Active scans now require stronger reflection evidence before reporting executable-context risk, reducing false positives from unrelated markup on the page.
  • FIXED Domain verification handles apex ↔ www redirects correctly and is clearer about which value goes in the TXT-record Host field.

Format

Each entry is tagged so you can skim:

  • NEW A new check, surface, or feature.
  • IMPROVED Existing behaviour got better — more accurate, faster, clearer.
  • FIXED A bug we shipped and then squashed.
  • SECURITY Hardening, vulnerability fixes, or compliance changes.

Spot something that broke and isn't logged here? Email support@fixvibe.app.