Back to Vulnerability Hub
CriticalAI-Generated Code Vulnerability

API Key Exposure

Leaked API credentials in client bundles, logs, source maps, and misconfigured environment variables.

Affected Platforms
LovableBolt.newv0CursorReplit
Severity
Critical
Remediate immediately

How to detect it

  • 1Scan compiled JavaScript for provider key patterns
  • 2Detect NEXT_PUBLIC and VITE_ secret misuse
  • 3Validate leaked keys with safe provider metadata checks

How to fix it

  • 1Move secrets to server-only environment variables
  • 2Rotate exposed keys immediately
  • 3Add pre-deploy secret scanning in CI/CD
Check if your app is affected
VibeMeds automatically detects this and 41 other vulnerability patterns.
Scan Your App Free →