[brabel]

That’s quite different. Vibe coded apps are not normally even meant to be secure, it’s meant to be used by the creator only. Bad app security is not the same as a vulnerability. A vulnerability would be a library providing some functionality it claims is secure, but in reality it’s not.

[jefftk]

These are very clearly vulnerabilities in the normal sense of the word, and if a security bug means that an app that was supposed to be only accessible to the creator is open to the world that's still quite bad (though the blast radius is small).

If you limit to vulnerabilities that get CVEs, however, https://vibe-radar-ten.vercel.app has 34 in March alone including https://www.sentinelone.com/vulnerability-database/cve-2025-...