Find security holes AI tools left behind.
Free instant scan. Finds exposed Supabase service keys, missing RLS, open Firebase rules, leaked secrets in your JS bundle, and more.
- No signup required
- 500+ checks performed
- BaaS-aware
- Auth-safe (passive)
Scanner coverage
- 180+
- vulnerability classes covered
- 270+
- passive checks / scan
- 120+
- active checks / scan
- 120+
- GitHub checks / scan
Compatible with
Scan websites and apps built with AI coding tools.
Deploy from Cursor, Claude Code, Codex, Lovable, Bolt, v0, Replit, and more. FixVibe checks the shipped URL and repo for security gaps AI-generated apps tend to miss.
- Cursor
- Claude Code
- OpenAI Codex
- GitHub Copilot
- Lovable
- Bolt.new
- v0
- Replit Agent
- Windsurf
- Devin
- Google Jules
- Gemini CLI
- Firebase Studio
- Amazon Q Developer
- JetBrains Junie
- Kiro
- Tabnine
- Qodo
- Sourcegraph Amp
- Continue
- Cline
- Roo Code
- Aider
- OpenCode
- Base44
- Anything
- Builder.io Fusion
- Tempo
- Softgen
- Trae
Latest research
New vulnerabilities, every day.
We track newly disclosed CVEs, GHSA advisories, and BaaS misconfiguration patterns that matter to AI-built apps. Public notes explain impact and safe remediation at a high level.
- criticalresearch note
Siemens SIMATIC HMI Authentication Brute-Force Vulnerability (CVE-2020-15786)
A vulnerability in multiple Siemens SIMATIC HMI panels allows attackers to perform brute-force attacks against the device's authentication mechanisms. The flaw, tracked as CVE-2020-15786, stems from an improper restriction of excessive authentication attempts, potentially leading to unauthorized access to industrial control interfaces.
- highcovered by FixVibe
OS Command Injection in strong-nginx-controller (CVE-2020-7621)
The strong-nginx-controller npm package is affected by CVE-2020-7621 / GHSA-4v9w-pvwr-38h3 through version 1.0.2. FixVibe covers this as a repository dependency advisory: it reports manifest and lockfile evidence for affected versions, while clearly stating that runtime command execution is not proven by dependency evidence alone.
- highnot automatically checked
CVE-2026-24294: Local Privilege Escalation in Windows SMB Server
CVE-2026-24294 affects Windows SMB Server and requires an authorized local attacker. FixVibe did not ship an automatic check because repository and web-scan evidence cannot prove the exact Windows build, installed security update, SMB service state, or local exploitability.
Current research, practical context, and coverage updates when checks ship.
All research →