Changelog
FixVibe scan engine updates: new coverage, safety improvements, and accuracy fixes. Newest entries appear first.
July 2, 2026
- FIXED: Legal-link false positives reduced. Privacy and terms links that are visible after client-side rendering now count correctly, so SPA footers are not reported as missing when users can see those links.
June 30, 2026
- NEW: Label Studio CVE-2025-47783 reflected XSS check. Verified active scans now flag Label Studio upload-example responses when target-specific label_config evidence shows raw HTML metacharacter reflection, without executing JavaScript, using victim sessions, reading tokens, or storing project data.
- NEW: AVideo CVE-2023-25313 / GHSA-pgvh-p3g4-86jw advisory. Repo scans flag affected wwbn/avideo Composer manifests and lockfiles below 12.4 with version-based evidence only; no AVideo login, video-link submission, video creation, request-delay checks, command execution, or runtime exploit claim.
- NEW: GL.iNet GL-MT3000 CVE-2026-11451 advisory. Verified active scans flag GL.iNet GL-MT3000 firmware 4.4.5 as version-based advisory evidence only; no router authentication, FTP-setting changes, file writes, command input, or command-execution claim.
- IMPROVED: Schneider Modicon M221 remote-reboot coverage. The existing passive Modicon M221 firmware check now correlates the same strong public HTTP product and firmware-version evidence with CVE-2018-7789 alongside CVE-2018-7790, reporting version-based advisory context without reboot probes, Modbus queries, authentication replay, PLC program uploads, or exploit-confirmation claims.
- NEW: Mbed TLS CVE-2024-45159 repo advisory coverage. GitHub repo scans now flag source and build metadata for affected Mbed TLS 3.2.0 through 3.6.0 releases, reporting version-based advisory evidence without client-certificate probes, TLS handshake testing, or authentication-bypass confirmation.
- NEW: Oracle Java SE/GraalVM CVE-2022-21340 repo advisory coverage. GitHub repo scans now flag explicit Oracle Java SE or Oracle GraalVM Enterprise runtime metadata, reporting version-based advisory evidence without running Java, sandbox-code proof, denial-of-service traffic, or runtime exploit confirmation.
- NEW: OpenSSL CMS CVE-2025-15467 advisory. GitHub repo scans now flag affected OpenSSL CMS release-line evidence and report branch-aware source/config evidence without crash, denial-of-service, or code-execution reproduction.
- NEW: codfish semantic-release GitHub Action compromise check. Repo scans can now flag workflow YAML references to codfish/semantic-release-action refs associated with the June 2026 compromise, reporting source/config evidence only. The check does not run GitHub Actions, read CI secrets, inspect runners, or claim credential theft.
- NEW: Spring Data Commons property-path advisory coverage. GitHub repo scans now report Maven/Gradle dependency evidence for Spring Data Commons versions associated with CVE-2018-1274 / GHSA-5q8m-mqmx-pxp9. The finding stays version-based and does not run the app, probe Spring Data REST endpoints, send crafted property-path parameters, stress CPU or memory, or claim denial-of-service confirmation.
- NEW: vm2 Promise species advisory coverage. GitHub repo scans now report npm manifest and lockfile evidence for vm2 versions associated with CVE-2026-47208 / GHSA-76w7-j9cq-rx2j. The finding stays version-based and does not run the app, execute sandbox-breakout proof-of-concept code, inspect live workers, or claim host command execution.
- NEW: pyLoad /flashgot advisory coverage. GitHub repo scans now report Python manifest and lockfile evidence for pyload-ng versions associated with CVE-2024-47821 / GHSA-w7hq-f2pj-c53g. The finding stays version-based and does not run pyLoad, send /flashgot requests, change settings, download files, write script directories, or claim command execution.
- NEW: SAP Cloud SDK for AI Python advisory check. GitHub repo scans now flag Python manifest and lockfile evidence for sap-ai-sdk-base versions affected by CVE-2023-25617 / GHSA-xxhh-59gh-6ffx as version-based advisory evidence, without running Python, connecting to SAP BusinessObjects, scheduling Program Objects, sending command-injection input, or claiming OS command execution.
- NEW: Gradio Windows/Python path traversal advisory check. GitHub repo scans now flag Gradio dependency evidence for CVE-2026-28414 / GHSA-39mp-8hj3-5c49 and raise confidence when repository configuration also points to Windows with Python 3.13+, without requesting Gradio file endpoints, sending traversal input, reading files, or claiming live arbitrary file read.
June 29, 2026
- NEW: MISP STIX import source advisory coverage. GitHub repo scans now report source evidence for CVE-2018-19908 in app/Model/Event.php when original STIX filenames flow into shell command construction. The check uses repository source evidence and does not run MISP, import files, or claim runtime command execution.
- NEW: MindsDB status version advisory coverage. Verified active scans now include MindsDB /api/status version evidence for CVE-2026-27483 when the public status endpoint reports a release before 25.9.1.1. This read-only check does not upload files, send traversal filenames, or claim remote-code execution.
- NEW: NiceGUI upload filename source advisory check. GitHub repo scans now include CVE-2026-25732 coverage when affected NiceGUI dependency evidence appears with upload-handler source that saves paths built from client-supplied filenames. The check reports source/dependency evidence without uploading files, writing outside upload directories, or claiming code execution.
June 18, 2026
- NEW: SillyTavern SearXNG SSRF active check. Verified active scans now report only direct evidence that a SillyTavern SearXNG search proxy fetched a FixVibe-controlled external callback URL. The probe avoids localhost, cloud metadata, private-network targets, and internal-service requests.
- NEW: Unauthenticated Glances REST API exposure check. Verified active scans can now confirm whether the scanned origin exposes Glances REST API identification and metric-shaped responses without authentication. FixVibe records only the response shape and avoids broad API dumps, process lists, command lines, configuration, or secret collection.
- NEW: Spring Data Commons + XMLBeam advisory coverage. GitHub repo scans now report paired Maven/Gradle dependency evidence for Spring Data Commons and XMLBeam versions associated with CVE-2018-1259 / GHSA-m929-7fr6-cvjg. The finding stays version-based and does not run the app, send XML payloads, probe endpoints, read local files, or claim SSRF confirmation.
- NEW: Moby AuthZ dependency advisory check. GitHub repo scans now flag Go module manifests that resolve Moby or Docker Engine versions affected by CVE-2026-34040 / GHSA-x744-4wpc-v9h2, reporting version-based advisory evidence without connecting to Docker APIs, probing AuthZ plugins, sending crafted requests, or claiming authorization-bypass confirmation.
- NEW: NGINX rewrite-module config advisory check. GitHub repo scans can now correlate affected NGINX version evidence with rewrite-module configuration evidence for CVE-2026-42945, without running NGINX, sending traffic, or claiming memory-corruption proof.
- NEW: SQLitePCLRaw NuGet advisory check. GitHub repo scans can now flag .NET project and NuGet lockfile evidence for affected SQLitePCLRaw native SQLite packages tied to CVE-2025-6965 / GHSA-2m69-gcr7-jv3q, without claiming memory-corruption proof.
- NEW: gemini-mcp-tool CVE-2026-0755 advisory. Repo scans flag affected npm manifest and lockfile versions for GHSA-4h5r-5jm8-jxjm with repository version evidence only. The check does not run the MCP server, send command or @file probes, trigger callbacks, read local files, or assert runtime exploit confirmation.
- NEW: Mastra easy-day-js advisory check. GitHub repo scans flag easy-day-js manifest and lockfile evidence tied to the June 2026 Mastra npm incident. The finding stays limited to repository dependency evidence and does not verify stale npm owners, run package scripts, inspect hosts, or assert credential theft.
- NEW: Drupal Core CVE-2026-9082 advisory check. GitHub repo scans flag Composer manifest and lockfile versions for GHSA-ghwc-95x2-682j with repository version evidence only. The check does not run Drupal, verify PostgreSQL, send SQL payloads, extract data, or assert runtime exploit confirmation.
- NEW: Paramiko SSH-server authentication advisory check. GitHub repo scans can now flag Python dependency files that resolve Paramiko releases affected by CVE-2018-7750 / GHSA-232r-66cg-79px, reporting version-based advisory evidence without starting an SSH server, sending bypass traffic, or claiming deployed server-mode exposure.
- NEW: Apache Tomcat HTTP/2 resource-consumption dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat releases affected by CVE-2020-11996 / GHSA-53hp-jpwq-2jgq, reporting version-based advisory evidence without running Tomcat, sending HTTP/2 denial-of-service traffic, generating high-CPU proof traffic, or claiming runtime availability impact.
- NEW: @andrei-tatar/nora-firebase-common prototype-pollution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve @andrei-tatar/nora-firebase-common versions affected by CVE-2024-30564 / GHSA-jjff-q3q4-5hh8, reporting version-based advisory evidence without running the package, mutating Object.prototype, sending proof payloads, or claiming runtime exploit confirmation.
- NEW: cordova-plugin-inappbrowser Android advisory check. GitHub repo scans can now flag npm manifests, lockfiles, and Cordova config.xml files that resolve cordova-plugin-inappbrowser versions affected by CVE-2019-0219 / GHSA-c6pw-q7f2-97hv, reporting version-based advisory evidence without building mobile binaries, loading proof content, exercising plugin bridge behavior, or claiming deployed Android exploitability.
- NEW: Nokogiri libxslt RubyGems advisory coverage. GitHub repo scans now report Gemfile, Gemfile.lock, and gemspec evidence for Nokogiri releases affected by CVE-2019-18197 / GHSA-242x-7cm6-4w8j. The check uses version-based RubyGems evidence and does not run Ruby, process XML or XSLT input, crash-test libxslt, or claim runtime exploit confirmation.
- NEW: Perl GD CPAN advisory coverage. GitHub repo scans now report CPAN dependency evidence for Perl GD releases affected by CVE-2026-11526. The check uses version-based repository evidence and does not run Perl, process image files, pass crafted filenames to GD::Image constructors, or claim command-execution or file-overwrite confirmation.
- NEW: kill-port-process CVE-2019-15609 advisory check. GitHub repo scans flag affected npm manifest and lockfile versions for GHSA-xp4x-j9vh-c3wf, reporting version evidence only. The check does not run the package, send command payloads, terminate processes, or assert runtime exploit confirmation.
- NEW: proxy npm advisory coverage. GitHub repo scans can now report repository dependency evidence for proxy releases associated with CVE-2023-2968 / GHSA-mj6p-3pc9-wf5m. The finding stays version-based and does not run proxy, send crafted request traffic, crash-test services, or claim runtime denial-of-service confirmation.
- NEW: Apache ActiveMQ Artemis Jolokia dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve org.apache.activemq:artemis-cli versions affected by CVE-2023-50780 / GHSA-443j-grxv-2pgv, reporting version-based advisory evidence without authenticating to Jolokia, enumerating MBeans, changing Log4J2 configuration, writing files, restarting services, or claiming live RCE confirmation.
- NEW: Apache ActiveMQ Artemis dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that pin or allow artemis-server versions affected by CVE-2026-27446 / GHSA-fw88-pf9m-p947, reporting version-based advisory evidence without connecting to brokers, triggering federation callbacks, or claiming message injection/exfiltration confirmation.
- NEW: Apache Spark UI dependency advisory check. GitHub repo scans can now flag Maven, Gradle, and PySpark dependency files that pin or allow Apache Spark versions affected by CVE-2022-33891 / GHSA-4x9r-j582-cgr8, reporting version-based advisory evidence without visiting Spark UI, sending active exploit probes, or claiming command-execution confirmation.
- NEW: vLLM pickle-deserialization dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow vllm versions affected by CVE-2024-9053 / GHSA-cj47-qj6g-x7r4, reporting version-based advisory evidence without running vLLM, exposing AsyncEngineRPCServer, sending pickle payloads, or claiming runtime code-execution confirmation.
- NEW: Apache Airflow example-DAG advisory coverage. GitHub repo scans can now report repository dependency evidence for Airflow releases associated with CVE-2024-45498 / GHSA-c392-whpc-vfpr. The finding stays version-based and does not probe Airflow UI, trigger DAGs, run command payloads, or claim runtime exploit confirmation.
- NEW: ONNX download_model_with_test_data advisory coverage. GitHub repo scans now report Python dependency evidence for onnx releases affected by CVE-2024-5187 / GHSA-6rq9-53c3-f7vj and add source-call context when download_model_with_test_data appears. The check does not run Python, download or extract model archives, create malicious tar files, overwrite files, or claim runtime exploit confirmation.
- NEW: YOURLS type-juggling dependency advisory check. GitHub repo scans can now flag Composer and YOURLS source-version evidence for yourls/yourls releases affected by CVE-2019-14537 / GHSA-vf23-f26f-mjj9, reporting version-based advisory evidence without calling the YOURLS API, sending authentication-bypass requests, probing admin pages, or claiming unauthorized access.
- NEW: http4k-format-xml dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve org.http4k:http4k-format-xml versions affected by CVE-2024-55875 / GHSA-7mj5-hjjj-8rgw, reporting version-based advisory evidence without sending XML payloads, SSRF callbacks, local-file reads, or denial-of-service traffic.
June 14, 2026
- FIXED: DOM XSS fragment probe stability fix. Verified active scans now skip the DOM fragment probe cleanly when browser automation is unavailable at startup, so reports no longer show internal browser-context errors for that check.
- IMPROVED: Expanded Red Hat npm worm coverage. GitHub repo scans now include additional Wiz-reported @redhat-cloud-services package versions for the Miasma campaign, while still reporting repository dependency evidence without installing packages, executing lifecycle scripts, or claiming credential theft.
- NEW: Known npm typosquat package check. GitHub repo scans can now flag package manifests and lockfiles that resolve Microsoft-reported vpmdhaj npm typosquat package versions, reporting version-based advisory evidence without installing packages, executing lifecycle scripts, fetching tarballs, contacting attacker infrastructure, or claiming credential theft.
- NEW: Codex Remote UI token-stealing npm package check. GitHub repo scans can now flag package manifests and lockfiles that resolve codexui-android 0.1.82 or newer, reporting version-based advisory evidence without installing the package, executing it, reading Codex auth files, contacting exfiltration infrastructure, or claiming token theft.
- NEW: Claude Code GitHub Action workflow repo check. GitHub repo scans can now flag Claude Code Action workflows with mutable action refs, broad workflow token permissions, or risky access override inputs, reporting workflow YAML evidence without running Actions, executing Claude Code, reading CI secrets, or claiming prompt-injection exploitation.
- NEW: onering Rust crate malware repo check. GitHub repo scans can now flag Cargo manifests or lockfiles that resolve onering 1.4.1 or the known compromised onering git commit, and can flag matching checked-in build.rs evidence, without running Cargo, executing build scripts, fetching crates, or claiming source exfiltration.
- NEW: Node-gyp / Phantom Gyp npm worm repo check. GitHub repo scans can now flag package manifests or lockfiles that resolve known malicious npm package versions from the binding.gyp supply-chain campaign, or flag matching binding.gyp source evidence, without running npm install, executing node-gyp, downloading tarballs, or claiming credential theft.
June 11, 2026
- IMPROVED: Moxa NPort authentication advisory coverage. The existing verified-active Moxa NPort firmware check now correlates the same strong HTTP model and firmware evidence with CVE-2016-9361 as part of the MCSA-160401 advisory family, while still reporting a version-based advisory without attempting password retries, brute-force checks, firmware uploads, unauthenticated administrative actions, SNMP queries, serial-device protocol probes, crash tests, or exploit confirmation.
- IMPROVED: Moxa NPort unauthenticated firmware-update advisory coverage. The existing verified-active Moxa NPort firmware check now correlates the same strong HTTP model and firmware evidence with CVE-2016-9369 as part of the MCSA-160401 advisory family, while still reporting a version-based advisory without attempting firmware uploads, unauthenticated administrative actions, SNMP queries, serial-device protocol probes, crash tests, or exploit confirmation.
- NEW: Schneider Modicon M221 firmware advisory check. Passive scans can now flag strong public HTTP product and firmware-version evidence for Modicon M221 controllers associated with CVE-2018-7790, reporting version-based advisory context without capturing credentials, replaying authentication, querying Modbus, uploading PLC programs, or claiming unauthorized-access confirmation.
- NEW: Langflow CVE-2025-34291 CORS advisory check. Verified active scans can now flag affected Langflow instances when target-specific version evidence is paired with credentialed CORS origin reflection, without authenticating, reading tokens, triggering refresh flows, or claiming code-execution confirmation.
- NEW: SiteOmat BOS version advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14728 as a version-based advisory, without attempting default credentials, SSH login, broad port scans, state-changing management actions, or unauthorized access.
- NEW: SiteOmat login SQL injection advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14851 as a version-based advisory, without submitting login forms, sending SQL injection payloads, attempting authentication bypass, accessing post-login pages, or making state-changing management requests.
- NEW: SiteOmat CGI buffer-overflow advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14854 as a version-based advisory, without sending crafted CGI input, overflow payloads, crash tests, broad port scans, state-changing management actions, or exploit requests.
- NEW: Kubernetes externalIPs manifest advisory check. GitHub repo scans can now flag Kubernetes Service manifests that declare non-empty spec.externalIPs as source/config hardening evidence for CVE-2020-8554, without inspecting live clusters, checking RBAC, sending traffic, or claiming traffic interception.
- NEW: Apache Tomcat EncryptInterceptor dependency advisory check. GitHub repo scans can now flag Maven and Gradle files that resolve exact Tomcat releases associated with CVE-2026-34486 / GHSA-69r9-qgr7-g2wj, reporting version-based advisory evidence without running Tomcat, inspecting cluster traffic, sending crafted Tribes packets, or claiming plaintext-disclosure confirmation.
- NEW: Apache Tomcat h2c request mix-up dependency advisory check. GitHub repo scans can now flag Maven and Gradle files that resolve Tomcat embedded-core or Coyote versions affected by CVE-2021-25122 / GHSA-j39c-c8hj-x4j3, reporting version-based advisory evidence without running Tomcat, sending h2c upgrade requests, capturing traffic, or claiming information-disclosure confirmation.
- NEW: PickleScan ZIP CRC dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow PickleScan versions affected by CVE-2025-10156 / GHSA-mjqp-26hc-grxg, reporting version-based advisory evidence without running PickleScan, creating corrupted archives, loading models, or claiming runtime code-execution confirmation.
- NEW: NLTK Zip Slip dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow NLTK versions affected by CVE-2025-14009 / GHSA-7p94-766c-hgjp, reporting version-based advisory evidence without running Python or NLTK, calling nltk.download(), extracting packages, creating malicious archives, or claiming runtime code-execution confirmation.
- NEW: TanStack ArkType adapter malware dependency check. GitHub repo scans can now flag package manifests and lockfiles that resolve @tanstack/arktype-adapter to malicious versions 1.166.12 or 1.166.15 from CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx, reporting version-based advisory evidence without running npm install, executing lifecycle scripts, downloading tarballs, or claiming credential theft.
- NEW: Mbed TLS CVE-2021-44732 repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS versions affected by CVE-2021-44732, reporting version-based advisory evidence without running Mbed TLS, forcing out-of-memory behavior, calling session-copy APIs, or claiming live double-free confirmation.
- NEW: IIS TRACK method exposure check. Verified active scans can now flag legacy TRACK echo behavior associated with CVE-2003-1567 using non-sensitive request evidence, without sending cookies, credentials, browser exploit pages, user traffic, or state-changing requests.
- NEW: Red Hat npm worm dependency advisory check. GitHub repo scans can now flag package manifests and lockfiles that resolve known compromised @redhat-cloud-services npm versions associated with the credential-stealing worm campaign, reporting dependency evidence without executing install scripts or claiming credential theft.
- NEW: DICOM executable preamble check. GitHub repo scans can now flag committed DICOM files whose Part 10 preamble carries executable-file evidence, reporting static file evidence without executing the file or claiming production compromise.
June 10, 2026
- NEW: Mbed TLS CVE-2023-45199 repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS 3.2.x through 3.4.x, reporting version-based advisory evidence without sending TLS handshake payloads or claiming live memory corruption.
- NEW: Rockwell MicroLogix 1100 advisory fingerprint. Passive scans can now flag strong public HTTP evidence of a Rockwell Automation MicroLogix 1100 controller associated with CVE-2021-33012, reporting advisory context without sending industrial protocol commands or claiming denial-of-service behavior.
- NEW: Moxa NPort firmware advisory check. Verified active scans can now flag public HTTP model and firmware-version evidence for Moxa NPort devices associated with CVE-2016-9363, reporting version-based advisory context without sending crafted packets, querying SNMP, testing serial-device services, or claiming exploit confirmation.
- NEW: Rockwell MicroLogix 1100 authentication-attempt advisory check. Verified active scans can now flag public HTTP model and firmware evidence for MicroLogix 1100 controllers associated with CVE-2017-7898, reporting version-based advisory context without attempting logins, brute force, or industrial protocol probes.
- NEW: Log4j 1.2 JDBCAppender advisory check. GitHub repo scans can now flag Log4j 1.2 dependency evidence paired with JDBCAppender SQL configuration for CVE-2022-23305 / GHSA-65fg-84f6-3jq3, reporting repository/config evidence without executing SQL, writing log events, or claiming runtime database compromise.
- NEW: Log4j 1.2 JMSAppender advisory check. GitHub repo scans can now flag Log4j 1.2 dependency evidence paired with JMSAppender configuration for CVE-2021-4104 / GHSA-fp5r-v3w9-4333, reporting repository/config evidence without contacting JNDI or JMS services or claiming runtime exploit confirmation.
- NEW: Microsoft ATL MS09-035 source advisory check. GitHub repo scans can now flag legacy Visual C++ ATL project metadata paired with ATL source usage associated with CVE-2009-0901/CVE-2009-2493/CVE-2009-2495, reporting source/build advisory evidence without inspecting build machines, sending malformed streams, probing information disclosure, or claiming live code-execution confirmation.
- NEW: Langflow CVE-2026-33017 version advisory check. Verified active scans can now flag public Langflow version evidence for CVE-2026-33017 / GHSA-vwmf-pq79-vjvx as a version-based advisory, without submitting flow data, building flows, executing code, or claiming public-flow exploit confirmation.
- NEW: Keras CVE-2025-1550 dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow Keras versions affected by CVE-2025-1550 / GHSA-48g7-3x6r-xfhp, reporting version-based advisory evidence without loading model archives, generating payloads, or claiming runtime code-execution confirmation.
- NEW: TLS RC4 negotiation advisory check. Verified active scans can now flag TLS endpoints that still select RC4 cipher suites associated with CVE-2015-2808, reporting confirmed RC4 support without capturing traffic or claiming plaintext recovery.
- NEW: TLS Sweet32 DES/3DES advisory check. Verified active scans can now flag TLS endpoints that still select DES or 3DES 64-bit block cipher suites associated with CVE-2016-2183, reporting confirmed cipher negotiation without capturing traffic or claiming plaintext recovery.
- NEW: Schneider PowerLogic EGX advisory check. Verified active scans can now flag public PowerLogic EGX100 firmware or EGX300 product evidence associated with CVE-2021-22765/CVE-2021-22767/CVE-2021-22768, reporting product/firmware advisory context without sending crafted HTTP packets, querying industrial protocols, crash-testing gateways, or claiming exploit confirmation.
May 27, 2026
- NEW: Arcserve UDP CVE-2025-34523 version advisory check. Verified active scans can now flag public Arcserve UDP version evidence for CVE-2025-34523 as a version-based advisory, without sending crafted heap-overflow input, crash-testing the service, authenticating to the console, or claiming command execution.
- NEW: Liferay Portal CVE-2010-5327 version advisory check. Verified active scans can now flag public Liferay Portal version evidence for CVE-2010-5327 as a version-based advisory, without authenticating, editing templates, sending template payloads, or claiming command execution.
- NEW: ws excessive-header DoS dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve ws versions affected by CVE-2024-37890 / GHSA-3h5v-q93c-6h6q, reporting version-based advisory evidence without sending denial-of-service traffic or claiming runtime WebSocket exposure.
May 25, 2026
- IMPROVED: SPIP version advisory wording. Passive SPIP version findings now distinguish version-fingerprint advisory evidence for CVE-2016-7980 and CVE-2016-7998 from runtime exploit proof, without active CSRF, local-file validation, or template-execution reproduction.
- FIXED: Active scan reliability and SSTI accuracy fix. Active scans now safely store response-derived evidence that contains unsupported control characters, and SSTI reporting requires stronger target-specific template-evaluation evidence instead of common page or static-asset content.
May 24, 2026
- NEW: WebdriverIO BrowserStack service dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve @wdio/browserstack-service versions affected by CVE-2026-25244 / GHSA-5c46-x3qw-q7j7, reporting version-based advisory evidence without running WebdriverIO, starting BrowserStack Local, or using command payloads.
- NEW: WordPress REST API user-exposure check. Verified active scans can now report WordPress REST users endpoints that return public user slugs to unauthenticated clients, with medium-severity exposure wording that does not claim WordPress version proof or account compromise.
- NEW: Django CSRF dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow Django versions affected by CVE-2011-0696 / GHSA-5j2h-h5hg-3wf8, reporting version-based advisory evidence without running Django, probing state-changing routes, or claiming runtime CSRF exploitability.
- NEW: TMT Lockcell SQL injection active check. Verified active scans can now report TMT Lockcell login surfaces whose responses change consistently with CVE-2023-3047, using a bounded login-response comparison that does not run timing delays, follow authenticated redirects, or extract database data.
- NEW: OpenSSL PowerPC Poly1305 advisory check. GitHub repo scans can now correlate affected OpenSSL 3.x version evidence with PowerPC build/deployment evidence for CVE-2023-6129, reporting version-and-architecture advisory evidence without reproducing state corruption or denial-of-service behavior.
May 23, 2026
- NEW: electerm unauthenticated command-execution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow electerm versions affected by CVE-2020-23256 / GHSA-x73w-g8hx-v7rp, reporting the result as a version-based advisory without probing or starting electerm services.
- NEW: SaltStack Salt dependency advisory check. GitHub repo scans can now flag Python dependency evidence for Salt versions affected by CVE-2017-12791 / GHSA-xxvj-8g5m-4qgw, reporting a version-based advisory without probing the Salt master handshake.
- NEW: rclone RC fsinfo exposure check. Verified active scans can now confirm unauthenticated fsinfo exposure on rclone Remote Control associated with CVE-2026-41179 / GHSA-jfwf-28xr-xw6q, using limited metadata evidence without executing commands.
- NEW: Apache Tomcat session-persistence advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat versions affected by CVE-2020-9484 / GHSA-344f-f5vg-2jfj, and raise confidence when repository configuration also shows FileStore-based PersistentManager session persistence.
- NEW: Note Mark dependency advisory check. GitHub repo scans can now flag Go manifests that resolve Note Mark backend versions affected by CVE-2026-44522 / GHSA-g49p-4qxj-88v3, reporting the result as a version-based advisory without uploading files, triggering exports, or claiming live RCE confirmation.
2026년 5월 20일
- NEWGogs dependency advisory check. GitHub repo 스캔은 이제 경로 순회 확인이 아닌 버전 기반 권고 증거를 사용하여 CVE-2018-20303 / GHSA-9hxg-w7qf-hh93에 대해 영향을 받는 Gogs 버전을 고정하는 Go 매니페스트에 플래그를 지정할 수 있습니다.
- NEWdeephas prototype-pollution advisory check. GitHub repo 스캔은 이제 런타임 프로토타입 오염 확인이 아닌 버전 기반 권고 증거를 사용하여 CVE-2020-28271 / GHSA-4fr2-j4g9-mppf의 영향을 받는 deephas 버전을 해결하는 npm 매니페스트 및 잠금 파일에 플래그를 지정할 수 있습니다.
- NEWOpenSSL TLSv1.3 session advisory check. GitHub repo 스캔은 이제 영향을 받은 OpenSSL 버전 증거를 CVE-2024-2511에 대한 TLSv1.3 세션 구성 증거와 연관시켜 실시간 서비스 거부 확인 대신 중간 신뢰도의 source/config 증거를 보고할 수 있습니다.
2026년 5월 19일
- IMPROVEDelecterm Linux install-script coverage. 선택 항목 종속성 권고에는 이제 기존 macOS 설치 스크립트 권고와 함께 CVE-2026-41501 / GHSA-8x35-hph8-37hq가 포함되어 조사 결과의 범위를 악용 확인보다는 npm 매니페스트 및 잠금 파일 증거로 유지합니다.
- NEWGeniXCMS author-route SQL injection check. 검증된 활성 스캔은 이제 데이터 추출이나 파괴적인 SQL 조사 없이 대상별 증거를 사용하여 GeniXCMS 작성자 경로에서 CVE-2017-5517- 스타일 데이터베이스 오류 동작을 확인할 수 있습니다.
- NEWNetmaker DNS key authorization-bypass check. 확인된 활성 스캔은 이제 읽기 전용 DNS API이 기준 요청을 거부하지만 레코드 생성, 수정 또는 삭제 없이 레거시 DNS 인증 경로를 통해 DNS 레코드 증거를 반환하는 경우 Netmaker 배포에서 CVE-2023-32077 노출을 확인할 수 있습니다.
- NEWopenDCIM source command-injection check. GitHub repo 스캔은 이제 활성 명령 실행 대신 소스 일치 증거, 신뢰도 및 런타임 악용 가능성 제한을 사용하여 report_network_map.php의 CVE-2026-28517 source/config 패턴에 플래그를 지정할 수 있습니다.
- NEWSPIP valider_xml XSS check. 확인된 활성 스캔은 이제 브라우저에서 JavaScript를 실행하지 않고도 대상별 HTML-컨텍스트 증거를 사용하여 SPIP 배포에 대한 CVE-2016-7981- 스타일의 이스케이프되지 않은 URL 반영을 확인할 수 있습니다.
- NEWApache Tomcat Coyote dependency advisory check. GitHub repo 스캔은 이제 런타임 서비스 거부 확인이 아닌 버전 기반 권고 증거를 사용하여 CVE-2025-48989 / GHSA-gqp3-2cvr-x8m3의 영향을 받는 Tomcat Coyote 또는 임베디드 코어 버전을 해결하는 Maven 및 Gradle 빌드 파일에 플래그를 지정할 수 있습니다.
- NEWveraPDF XSLT dependency advisory check. GitHub repo 스캔은 이제 XSLT 실행 확인이 아닌 버전 기반 권고 증거를 사용하여 CVE-2024-28109 / GHSA-qxqf-2mfx-x8jw의 영향을 받는 veraPDF 아티팩트를 해결하는 Maven 및 Gradle 빌드 파일에 플래그를 지정할 수 있습니다.
18 May 2026
- NEW electerm dependency advisory check. GitHub repo scans can flag npm manifests and lockfiles that pin or allow electerm versions affected by CVE-2026-41500 / GHSA-wxw2-rwmh-vr8f and CVE-2026-41501 / GHSA-8x35-hph8-37hq, using version-based advisory evidence rather than exploit confirmation.
- NEW OpenCms dependency advisory check. GitHub repo scans can now flag Maven pom.xml files that pin or resolve org.opencms:opencms-core versions affected by CVE-2023-42344 / GHSA-rcc6-6q2f-m2cw, using version-based advisory evidence rather than XXE attack confirmation.
- NEW MagicMirror /cors SSRF check. Verified active scans can now confirm CVE-2026-42281 exposure on MagicMirror instances when the unauthenticated /cors endpoint fetches a FixVibe-controlled external callback, without probing internal services.
17 May 2026
- NEW FUXA hardcoded JWT secret check. Verified active scans can now confirm CVE-2025-69971 exposure on FUXA instances that still trust the weak fallback JWT signing configuration.
- NEW CKAN DataStore SQL exposure check. Verified active scans can now confirm unauthenticated CKAN DataStore SQL access related to CVE-2026-42031 and guide teams to a patched CKAN release line or a safer DataStore configuration.
16 May 2026
- NEW PDF.js dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow pdfjs-dist versions affected by CVE-2024-4367 / GHSA-wgrm-67xf-hhpq.
- NEW Active scans via REST API and MCP. Active scans can now be triggered from REST and MCP for verified domains that have been explicitly approved in the dashboard. Approval can be revoked at any time.
- NEW Safer authorization levels for active scans. Domain approval now distinguishes safer automated active checks from deeper active testing, so teams can automate the appropriate level of verification for each domain.
- NEW First-use webhook for API/MCP active scans. Webhooks can notify the team the first time an API/MCP-triggered active scan runs against a newly approved domain.
- IMPROVED Improved Referrer-Policy findings. Missing or weak `Referrer-Policy` results now separate URL-referrer leakage from broad information exposure, show document-response evidence, and include generic plus static-host remediation guidance.
- IMPROVED Improved Permissions-Policy findings. Missing or weak `Permissions-Policy` results now show feature-level evidence, separate broad feature allowlists from missing hardening, and include generic plus static-host remediation guidance for common hosts, proxies, and app servers.
- IMPROVED Improved clickjacking header prompts. Missing `X-Frame-Options` findings now point agents to CSP `frame-ancestors` as the modern protection, add Vercel/static SPA header guidance, and verify `x-frame-options` together with CSP.
- IMPROVED CSP header evidence and fix prompts improved. Missing-CSP reports now include clearer hosting and response context and safer framework-aware fix guidance.
- FIXED Vercel path-probe false positives reduced. FixVibe now requires stronger application-specific evidence before reporting exposed framework artifacts on deployments that rewrite unknown paths to the app shell.
- FIXED Compliance findings no longer carry an incorrect CWE tag. Previously, the legal-compliance check attached CWE-359 (PII exposure) to the "Missing privacy policy" and "Missing terms of service" findings, which does not describe the actual gap. These findings are now published without a CWE: they are compliance items, not classifiable security vulnerabilities.
15 May 2026
- NEW Additional research-informed checks. FixVibe has added more coverage based on recent vulnerability research and mapped overlapping topics onto the existing scanner modules where coverage already existed.
- NEW Repository secret-leak check. GitHub repo scans can now detect hardcoded provider keys committed to source and high-entropy values that look like secrets; the evidence is masked and the standard FixVibe rotation prompt is included.
- NEW Vercel deployment protection check. Passive scans can now flag public generated `*.vercel.app` deployment URLs that respond without Vercel Deployment Protection, while the existing header checks continue to audit CSP, HSTS and browser hardening.
14 May 2026
- NEW LiteLLM dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow LiteLLM versions affected by CVE-2026-42208 / GHSA-r75f-5x8p-qvmc.
- NEW LibreNMS dependency advisory check. GitHub repo scans can now flag Composer manifests that pin or allow LibreNMS versions affected by CVE-2024-51092 / GHSA-x645-6pf9-xwxw.
- IMPROVED Firebase rules detection improved. BaaS scans now detect more Firebase app shapes and use read-only evidence to identify risky public data exposure.
13 May 2026
- NEW Repo Supabase RLS migration check. GitHub repo scans can now flag Supabase SQL migrations that create public tables without a matching `ALTER TABLE ... ENABLE ROW LEVEL SECURITY` statement.
- NEW Supabase Storage posture check. Passive scans can now review public Supabase Storage buckets and anonymous object-listing exposure alongside the existing RLS and key checks.
- NEW AI-generated code guardrail check. GitHub repo scans can now flag missing security automation around code scanning, secret scanning, dependency updates and AI-agent instructions.
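The RLS migration check above, as an added illustration that is not FixVibe's own code: it scans a constructed Supabase migration and returns the public-schema tables that are created without a matching `ENABLE ROW LEVEL SECURITY` statement. Regex shapes, helper names and the sample SQL are assumptions.

```python
import re

# Constructed sample migration: two public tables, only one gets RLS enabled.
SAMPLE_MIGRATION = """
create table public.profiles (
  id uuid primary key,
  email text
);
alter table public.profiles enable row level security;

CREATE TABLE IF NOT EXISTS public.invoices (
  id bigint generated always as identity primary key,
  amount numeric
);

create table audit.events (id bigint primary key);  -- not exposed via PostgREST
"""

CREATE_RE = re.compile(
    r'\bcreate\s+table\s+(?:if\s+not\s+exists\s+)?'
    r'(?:"?(?P<schema>\w+)"?\.)?"?(?P<table>\w+)"?',
    re.IGNORECASE,
)
ENABLE_RLS_RE = re.compile(
    r'\balter\s+table\s+(?:if\s+exists\s+)?(?:only\s+)?'
    r'(?:"?(?P<schema>\w+)"?\.)?"?(?P<table>\w+)"?\s+'
    r'enable\s+row\s+level\s+security\b',
    re.IGNORECASE,
)

def _strip_comments(sql):
    """Drop -- line comments so commented-out statements are ignored."""
    return re.sub(r'--[^\n]*', '', sql)

def _schema_of(match):
    # Supabase exposes the public schema through PostgREST, and an unqualified
    # name lands in public under the default search_path, so None means public.
    return (match.group('schema') or 'public').lower()

def public_tables_without_rls(sql):
    """Return public-schema tables created in `sql` that never get
    ENABLE ROW LEVEL SECURITY in the same migration."""
    sql = _strip_comments(sql)
    created = {m.group('table').lower() for m in CREATE_RE.finditer(sql)
               if _schema_of(m) == 'public'}
    enabled = {m.group('table').lower() for m in ENABLE_RLS_RE.finditer(sql)
               if _schema_of(m) == 'public'}
    return sorted(created - enabled)
```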
12 May 2026
- NEW Repo web-app risk checklist. GitHub repo scans can now flag high-confidence OWASP-style code risks such as raw SQL interpolation, unsafe HTML sinks, credentialed wildcard CORS, disabled TLS verification and weak JWT secret fallbacks.
- NEW Next.js middleware-bypass check. Active scans on verified domains can now confirm CVE-2025-29927 exposure on middleware-protected routes before reporting, and the report includes the standard FixVibe AI fix prompt for remediation.
9 May 2026
- SECURITY Cross-origin scope hardening. Active scans and client-asset checks now stay within the approved target scope and do not forward customer-supplied credentials across cross-origin redirects.
- FIXED Supabase RLS check is now strictly read-only. The Supabase posture check now prevents write attempts and focuses on safe exposure signals. Active testing on verified domains remains the boundary for deeper confirmation.
- IMPROVED Security-header findings apply only to the root HTML response. CSP, Permissions-Policy, X-Frame-Options and Referrer-Policy are no longer reported as missing on 204 responses, JSON APIs, file downloads or 404s. HSTS and X-Content-Type-Options are still evaluated on every response.
- IMPROVED Auth-flow and rate-limit checks now require stronger evidence. FixVibe now reports these issues only when application behaviour clearly supports the finding, reducing noise from generic error pages and unsupported methods.
- IMPROVED File-upload findings tiered by exploitability evidence. File-upload reports now separate stronger evidence of dangerous serving behaviour from lower-confidence acceptance signals, reducing excessive severity on benign upload handlers.
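The header-scoping rule from the Security-header entry above, as an added example rather than FixVibe's own code: document-only headers are checked solely on a 200 text/html response at the site root, while HSTS and X-Content-Type-Options are checked on every response. The root-path test, the attachment test and the sample responses are assumptions.

```python
# Header groups from the entry above; helper names are mine.
DOCUMENT_ONLY = (
    "content-security-policy",
    "permissions-policy",
    "x-frame-options",
    "referrer-policy",
)
EVERY_RESPONSE = ("strict-transport-security", "x-content-type-options")

def is_root_html_document(status, headers, path):
    """True only for a successful HTML document served at the site root.
    Assumption: a 200 text/html body that is not a download; 204s,
    JSON APIs, attachments and 404 pages all fail this test."""
    headers = {k.lower(): v for k, v in headers.items()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    disposition = headers.get("content-disposition", "").strip().lower()
    return (
        status == 200
        and path in ("", "/")
        and ctype == "text/html"
        and not disposition.startswith("attachment")
    )

def missing_header_findings(status, headers, path="/"):
    """Names of security headers that should be reported as missing."""
    headers = {k.lower(): v for k, v in headers.items()}
    checked = list(EVERY_RESPONSE)
    if is_root_html_document(status, headers, path):
        checked += DOCUMENT_ONLY
    return sorted(h for h in checked if h not in headers)

# Constructed responses: (status, headers, path).
SAMPLE_RESPONSES = {
    "root": (200, {"Content-Type": "text/html; charset=utf-8",
                   "Strict-Transport-Security": "max-age=63072000"}, "/"),
    "api": (200, {"Content-Type": "application/json"}, "/api/me"),
    "empty": (204, {}, "/"),
    "download": (200, {"Content-Type": "text/html",
                       "Content-Disposition": "attachment; filename=x.html"}, "/"),
    "not_found": (404, {"Content-Type": "text/html"}, "/missing"),
}

def findings_for_samples():
    """Run the scoping rule over every constructed response."""
    return {name: missing_header_findings(*resp)
            for name, resp in SAMPLE_RESPONSES.items()}
```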
7 May 2026
- FIXED Threat-intel listing accuracy improved. FixVibe now distinguishes actual blocklist evidence from resolver diagnostics, so threat-intelligence findings are no longer over-reported on infrastructure-side lookup responses.
- NEW GitHub repo scan. Connect a repo and FixVibe checks the source for leaked Supabase service keys, Firebase admin tokens, risky workflow files and outdated dependencies without loading the deployed site. See scan types.
- NEW SAST check for dangerous JavaScript. Repo scans now flag `new Function()` and `setTimeout("string")`. Both are equivalent to `eval()` when they receive untrusted input.
- FIXED False "exposed file" findings on Vercel / Cloudflare sites. A bare `403 Forbidden` response is no longer reported as "file exists". Most edge providers return 403 for suspicious paths regardless of whether the file exists. A positive HTTP signal is now required before flagging.
- FIXED Repo-code false positives reduced. Repo scans no longer flag security terms in comments, documentation, test helpers and clear server-only context for several high-signal code checks.
- FIXED A Supabase anon key in localStorage is no longer reported as a JWT-in-storage finding. The anon key is a token intended to be exposed to the client. An actual service-role token in browser storage is still critical, with a clearer title.
- FIXED CSP weakness detection improved. The Content-Security-Policy check now catches more permissive source policies while keeping evidence and remediation focused on the effective browser policy.
- FIXED Reflected-XSS check tightened. Active scans now require stronger reflection evidence before reporting executable-context risk, reducing false positives caused by unrelated markup on the page.
- FIXED Domain verification now handles apex ↔ www redirects correctly, and it is clearer which value to put in the TXT-record Host field.
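The dangerous-JavaScript SAST check and the comment/string false-positive fix from the 7 May entries, as one added example that is not FixVibe's own code: it flags `new Function(` and a `setTimeout` whose first argument is a string or template, while ignoring the same tokens inside string literals and `//` comments. The sample JS source and the regexes are constructed assumptions.

```python
import re

# Constructed sample JS: a mix of safe and eval-equivalent calls.
SAMPLE_JS = """\
const add = new Function("a", "b", "return a + b");
setTimeout(() => refresh(), 1000);
setTimeout("refresh()", 1000);
setTimeout("run(" + userInput + ")", 0);
setTimeout(`log(${req.query.x})`, 0);
const title = "new Function is mentioned here"; // setTimeout("x") in a comment
"""

NEW_FUNCTION_RE = re.compile(r'\bnew\s+Function\s*\(')
# setTimeout whose first argument opens with a quote or backtick: the browser
# compiles that string, so any untrusted part of it is code, like eval().
TIMER_STRING_RE = re.compile(r'\bsetTimeout\s*\(\s*["\'`]')
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')

def _blank_strings(line):
    """Drop // comments and empty out string-literal contents so a sink named
    inside text is not reported; the quote characters themselves stay, which
    is what TIMER_STRING_RE keys on."""
    line = re.sub(r'//.*$', '', line)
    return STRING_RE.sub(lambda m: m.group(0)[0] * 2, line)

def find_eval_like_sinks(source):
    """Return (line_number, sink) pairs for eval-equivalent calls."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = _blank_strings(raw)
        if NEW_FUNCTION_RE.search(line):
            findings.append((lineno, 'new Function()'))
        if TIMER_STRING_RE.search(line):
            findings.append((lineno, 'setTimeout("string")'))
    return findings
```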
Format
Each entry is tagged so it can be skimmed quickly.
- NEW A new check, surface or feature.
- IMPROVED Existing behaviour is now more accurate, faster or clearer.
- FIXED A bug we shipped has been fixed.
- SECURITY Hardening, a vulnerability fix or a compliance change.
Something broken that isn't recorded here? Email support@fixvibe.app.
