Security Scanner for Vercel / v0 Apps

We scanned 67 Vercel / v0 apps. 3.0% had critical vulnerabilities. Is yours secure?

Top issue: Hardcoded API keys in JS bundles (27% of AI-generated apps)

What we check on Vercel / v0 apps

• Supabase RLS — extracts real table names from your JS bundle, tests each with the anon key
• API keys in bundles — OpenAI, Anthropic, Stripe, Google, AWS keys shipped client-side
• Authentication — IDOR, OAuth misconfig, session entropy, JWT weak secrets
• Infrastructure — exposed /.env, /.git, subdomain takeover, DNS issues
• AI code quality — hallucinated functions, unsafe eval(), hardcoded credentials
• 70+ total modules — nuclei CVE templates, XSS, CORS, CSP bypass, and more

Try it free

Paste your Vercel / v0 app URL on our homepage for a quick 10-second scan. For the full 70-module audit, sign up — one free scan, no card.

Scan your Vercel / v0 app free →

Research

• Lovable vs Bolt vs Replit: per-platform RLS breakdown
• Beyond Supabase RLS: 5 other critical vulnerabilities
• Q2 2026 State of Vibe-Coded Security report