Vibe Security Radar

Tracking the security cost of vibe coding

Coverage: May 2025 to Mar 2026

This project is under active development. Data may contain inaccuracies and more vulnerabilities are being analyzed.

AI-Linked Vulnerabilities: 73
AI Tools Detected: 6
Critical / High: 37
Advisories Analyzed: 11,189

[Chart: Vulnerabilities by Month, broken down by tool: Claude Code, GitHub Copilot, Google Gemini, Roo Code]

Recent Vulnerabilities

| ID | Severity | Tools | Language | Verified | Description |
|---|---|---|---|---|---|
| GHSA-wccx-j62j-r448 | CRITICAL | Claude Code | Python | gemini-3.1-flash-lite-preview | Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked |
| GHSA-wpph-cjgr-7c39 | LOW | Claude Code | TypeScript | gemini-3.1-flash-lite-preview | OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass |
| GHSA-gw85-xp4q-5gp9 | LOW | Claude Code | TypeScript | gemini-3.1-flash-lite-preview | OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch |
| GHSA-j4xf-96qf-rx69 | LOW | Claude Code | TypeScript | gemini-3.1-flash-lite-preview | OpenClaw has a Feishu allowFrom authorization bypass via display-name collision |
| GHSA-x9cf-3w63-rpq9 | HIGH | Claude Code | TypeScript | gemini-3.1-flash-lite-preview | OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia |
| GHSA-c6hr-w26q-c636 | LOW | Claude Code | TypeScript | gemini-3.1-flash-lite-preview | OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction |
| GHSA-8m9v-xpgf-g99m | LOW | Claude Code | TypeScript | gemini-3.1-flash-lite-preview | OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization |
| GHSA-p7gr-f84w-hqg5 | LOW | Claude Code | TypeScript | gemini-3-flash-preview | OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns |
| CVE-2026-21882 | HIGH | GitHub Copilot | Rust | gemini-3.1-flash-lite-preview | theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution |
| CVE-2026-27900 | MEDIUM | GitHub Copilot | Go | gemini-3.1-flash-lite-preview, gemini-3.1-pro-preview | Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure |