Find security holes AI tools left behind.
Free instant scan. Finds exposed Supabase service keys, missing RLS, open Firebase rules, leaked secrets in your JS bundle, and more.
- No signup required
- 450+ checks performed
- BaaS-aware
- Auth-safe (passive)
Scanner coverage
- 140+ vulnerability classes covered
- 270+ passive checks / scan
- 120+ active checks / scan
- 80+ GitHub checks / scan
Compatible with
Scan websites and apps built with AI coding tools.
Deploy from Cursor, Claude Code, Codex, Lovable, Bolt, v0, Replit, and more. FixVibe checks the shipped URL and repo for security gaps AI-generated apps tend to miss.
- Cursor
- Claude Code
- OpenAI Codex
- GitHub Copilot
- Lovable
- Bolt.new
- v0
- Replit Agent
- Windsurf
- Devin
- Google Jules
- Gemini CLI
- Firebase Studio
- Amazon Q Developer
- JetBrains Junie
- Kiro
- Tabnine
- Qodo
- Sourcegraph Amp
- Continue
- Cline
- Roo Code
- Aider
- OpenCode
- Base44
- Anything
- Builder.io Fusion
- Tempo
- Softgen
- Trae
Latest research
New vulnerabilities, every day.
We track newly disclosed CVEs, GHSA advisories, and BaaS misconfiguration patterns that matter to AI-built apps. Public notes explain impact and safe remediation at a high level.
- high (covered by FixVibe)
Heap Buffer Overflow in NGINX ngx_http_rewrite_module (CVE-2026-42945)
CVE-2026-42945 affects NGINX Open Source and NGINX Plus release ranges when vulnerable rewrite-module configuration is loaded. FixVibe GitHub repo scans now flag affected-version evidence paired with NGINX rewrite configuration evidence, while keeping runtime exploitability unverified.
- high (covered by FixVibe)
Integer Overflow in SQLitePCLRaw.lib.e_sqlite3 (CVE-2025-6965)
The NuGet package SQLitePCLRaw.lib.e_sqlite3 provides native SQLite binaries for .NET applications and is associated with CVE-2025-6965 / GHSA-2m69-gcr7-jv3q when affected package versions bundle SQLite before the upstream 3.50.2 fix. FixVibe now covers this as a GitHub repo dependency advisory by flagging NuGet project or lockfile evidence for affected SQLitePCLRaw native SQLite packages, without claiming runtime memory-corruption proof.
- critical (not automatically checked)
Path Traversal and Privilege Escalation in Fortinet FortiSandbox (CVE-2026-39813)
Fortinet FortiSandbox 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8 are affected by CVE-2026-39813, a critical path traversal advisory in the JRPC API. FixVibe treats this as research guidance only because a safe generic scan cannot verify the vulnerable condition without intrusive product-specific probing.
Current research, practical context, and coverage updates when checks ship.