Vibe Vulnerability Scanner

Tracking since Apr 29, 2026.

Changelog

• May 6, 2026
  description

  Catch exploitable vulnerabilities before attackers do. Vibe Vulnerability
    Scanner is a powerful Chrome extension that performs real-time security
    scanning of web applications using CISA's Known Exploited Vulnerabilities
    (KEV) catalog with automatic NVD verification.
  
    🔍 KEY FEATURES
  
    • Real-time Scanning - Automatic vulnerability detection on page load
    • CISA KEV Integration - Checks against official Known Exploited
    Vulnerabilities catalog
    • NVD Verification - Confirms vulnerable versions using NIST CVE data
    • Persistent History - Stores last 50 scans per domain
    • Export Results - Download findings as JSON or CSV
    • HTTP Header Analysis - Inspects security headers
    • Confidence Scoring - Distinguishes confirmed findings from heuristics
    • Privacy First - All scanning happens locally, no data collection
  
    🛡️ WHAT GETS SCANNED
  
    Confirmed Issues:
    ✓ HTTP Scripts - Loading scripts over insecure HTTP
    ✓ Weak CSP - unsafe-inline or unsafe-eval in Content Security Policy
    ✓ Vulnerable Libraries - Confirmed KEV match with NVD verification
    ✓ Missing Security Headers - HSTS, X-Frame-Options, etc.
  
    Heuristic Patterns (Require Verification):
    • Inline Event Handlers - onclick, onerror, etc.
    • Secret Exposure - Pattern matching for API keys
    • innerHTML Usage - Potential XSS risk
    • Missing SRI - CDN scripts without integrity checks
  
    📊 UNDERSTANDING RESULTS
  
    Results are categorized by confidence level:
    • HIGH - Strong evidence (e.g., confirmed HTTP script loading)
    • MEDIUM - Likely issue requiring verification
    • LOW - Weak signal requiring manual investigation
  
    And by finding category:
    • Confirmed - Objective fact
    • Probable - Likely issue based on strong evidence
    • Heuristic - Pattern-based detection requiring context
  
    🔒 SECURITY & PRIVACY
  
    ✓ No External Data Transmission - All scanning is client-side
    ✓ No User Tracking - No analytics, no telemetry
    ✓ Minimal Permissions - Only activeTab, storage, alarms, tabs
    ✓ Safe Rendering - All content rendered via DOM APIs
    ✓ HTTPS Only - KEV catalog and NVD API calls use HTTPS
    ✓ Open Source - Full source code available on GitHub
  
    🎯 PERFECT FOR
  
    • Security Professionals - Quick vulnerability assessment
    • Penetration Testers - Initial reconnaissance
    • Web Developers - Security hygiene checks during development
    • DevSecOps Teams - Shift-left security testing
    • Bug Bounty Hunters - Fast initial scanning
  
    💡 HOW IT WORKS
  
    1. Detects JavaScript libraries from script URLs and meta tags
    2. Matches products against CISA KEV catalog
    3. Fetches CVE details from NVD API for vulnerable version ranges
    4. Compares detected versions to determine exposure
    5. Provides actionable remediation guidance
  
    🚀 GETTING STARTED
  
    1. Install the extension
    2. Navigate to any website
    3. Click the extension icon
    4. Review findings with severity breakdown
    5. Expand details for remediation guidance
    6. Export results if needed
  
    Built with ❤️ by eBay's security team and open-sourced for the community.
  
    GitHub: https://github.com/ramukallepalli/vibe-vuln-scanner
    Documentation: https://github.com/ramukallepalli/vibe-vuln-scanner#readme
    Report Issues: https://github.com/ramukallepalli/vibe-vuln-scanner/issues
  
    Powered by CISA KEV and NIST NVD.

  Catch exploitable vulnerabilities before attackers do. Vibe Vulnerability
    Scanner is a powerful Chrome extension that performs real-time security
    scanning of web applications using CISA's Known Exploited Vulnerabilities
    (KEV) catalog with automatic NVD verification.
  
    🔍 KEY FEATURES
  
    • Real-time Scanning - Automatic vulnerability detection on page load
    • CISA KEV Integration - Checks against official Known Exploited
    Vulnerabilities catalog
    • NVD Verification - Confirms vulnerable versions using NIST CVE data
    • Persistent History - Stores last 50 scans per domain
    • Export Results - Download findings as JSON or CSV
    • HTTP Header Analysis - Inspects security headers
    • Confidence Scoring - Distinguishes confirmed findings from heuristics
    • Privacy First - All scanning happens locally, no data collection
  
    🛡️ WHAT GETS SCANNED
  
    Confirmed Issues:
    ✓ HTTP Scripts - Loading scripts over insecure HTTP
    ✓ Weak CSP - unsafe-inline or unsafe-eval in Content Security Policy
    ✓ Vulnerable Libraries - Confirmed KEV match with NVD verification
    ✓ Missing Security Headers - HSTS, X-Frame-Options, etc.
  
    Heuristic Patterns (Require Verification):
    • Inline Event Handlers - onclick, onerror, etc.
    • Secret Exposure - Pattern matching for API keys
    • innerHTML Usage - Potential XSS risk
    • Missing SRI - CDN scripts without integrity checks
  
    📊 UNDERSTANDING RESULTS
  
    Results are categorized by confidence level:
    • HIGH - Strong evidence (e.g., confirmed HTTP script loading)
    • MEDIUM - Likely issue requiring verification
    • LOW - Weak signal requiring manual investigation
  
    And by finding category:
    • Confirmed - Objective fact
    • Probable - Likely issue based on strong evidence
    • Heuristic - Pattern-based detection requiring context
  
    🔒 SECURITY & PRIVACY
  
    ✓ No External Data Transmission - All scanning is client-side
    ✓ No User Tracking - No analytics, no telemetry
    ✓ Minimal Permissions - Only activeTab, storage, alarms, tabs
    ✓ Safe Rendering - All content rendered via DOM APIs
    ✓ HTTPS Only - KEV catalog and NVD API calls use HTTPS
    ✓ Open Source - Full source code available on GitHub
  
    🎯 PERFECT FOR
  
    • Security Professionals - Quick vulnerability assessment
    • Penetration Testers - Initial reconnaissance
    • Web Developers - Security hygiene checks during development
    • DevSecOps Teams - Shift-left security testing
    • Bug Bounty Hunters - Fast initial scanning
  
    💡 HOW IT WORKS
  
    1. Detects JavaScript libraries from script URLs and meta tags
    2. Matches products against CISA KEV catalog
    3. Fetches CVE details from NVD API for vulnerable version ranges
    4. Compares detected versions to determine exposure
    5. Provides actionable remediation guidance
  
    🚀 GETTING STARTED
  
    1. Install the extension
    2. Navigate to any website
    3. Click the extension icon
    4. Review findings with severity breakdown
    5. Expand details for remediation guidance
    6. Export results if needed
  
    GitHub: https://github.com/ramukallepalli/vibe-vuln-scanner
    Documentation: https://github.com/ramukallepalli/vibe-vuln-scanner#readme
    Report Issues: https://github.com/ramukallepalli/vibe-vuln-scanner/issues
  
    Powered by CISA KEV and NIST NVD.

Permissions & access

Permissions

activeTabstoragealarmstabswebRequestdownloads

Host access

<all_urls>

Screenshots