Vulnerability Types

Top 10 Vulnerabilities Found in AI-Generated Code

We scanned thousands of AI-generated repositories. Here are the 10 most common security vulnerabilities.

VibeTrace Team
Tags: vulnerabilities, ai-code, security-scanning

The Data

After we scanned thousands of repositories built with AI coding tools, clear patterns emerged.

1. SQL Injection (87% of projects)

String concatenation for queries instead of parameterised statements.

2. Cross-Site Scripting (73%)

User input rendered without sanitisation.

3. Hardcoded Credentials (64%)

API keys and passwords embedded directly in source code.

4. Insecure Dependencies (61%)

Outdated packages with known CVEs.

5. Missing Authentication (52%)

API routes without auth middleware.

6. CORS Misconfiguration (48%)

Wildcard Access-Control-Allow-Origin on sensitive APIs.

7. Path Traversal (39%)

File operations using unsanitised user input.

8. Insecure Cryptography (35%)

MD5 for passwords, weak JWT algorithms.

9. Missing Rate Limiting (31%)

No throttling on login endpoints or API calls.

10. Server-Side Request Forgery (24%)

URLs from user input passed directly to fetch without validation.
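The kind of pattern scanning described on this page, as an added illustration that is not VibeTrace's code: a minimal regex-based check for four of the listed categories (SQL string concatenation, wildcard CORS, hardcoded credentials, MD5 password hashing) run over constructed sample source lines. The rule names, regexes and sample lines are assumptions made for this example.

```javascript
// Added example, not the VibeTrace scanner. Rule ids, regexes and the sample
// lines below are constructed for illustration only.
const RULES = [
  { id: 'sql-concat', severity: 'high',
    // a SQL keyword followed (before any ';') by "+ identifier" or "${": query built by concatenation
    re: /\b(SELECT|INSERT|UPDATE|DELETE)\b[^;]*?(\+\s*\w|\$\{)/i },
  { id: 'cors-wildcard', severity: 'medium',
    // Access-Control-Allow-Origin set to "*"
    re: /Access-Control-Allow-Origin['"]?\s*[,:]\s*['"]\*['"]/i },
  { id: 'hardcoded-secret', severity: 'high',
    // api key / password / secret assigned a string literal of 8+ chars
    re: /\b(api[_-]?key|password|secret)\b\s*[:=]\s*['"][^'"]{8,}['"]/i },
  { id: 'weak-hash', severity: 'medium',
    // Node crypto.createHash with md5 or sha1
    re: /createHash\(\s*['"](md5|sha1)['"]\s*\)/i },
];

// Returns one finding per (line, rule) match; line numbers are 1-based.
function scanLines(lines) {
  const findings = [];
  lines.forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        findings.push({ line: i + 1, rule: rule.id, severity: rule.severity });
      }
    }
  });
  return findings;
}

// Constructed sample: each vulnerable line is paired with a safe counterpart
// so the check can be seen to flag only the former.
const SAMPLE = [
  `const rows = db.query("SELECT * FROM users WHERE name = '" + req.query.name + "'");`, // flagged
  `const rows = db.query("SELECT * FROM users WHERE name = $1", [req.query.name]);`,   // parameterised, clean
  `res.setHeader("Access-Control-Allow-Origin", "*");`,                                  // flagged
  `const API_KEY = "sk-live-0123456789abcdef";`,                                         // flagged (constructed value)
  `const hash = crypto.createHash("md5").update(password).digest("hex");`,              // flagged
  `const ok = await bcrypt.compare(password, user.passwordHash);`,                       // clean
];

console.log(scanLines(SAMPLE));
```

Regexes like these only show the shape of the signal each pattern leaves in source; a real scanner needs parsing and data-flow tracking to avoid false positives and to catch the same bugs written differently.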

The Solution

Automated scanning catches these patterns instantly. VibeTrace scans your entire codebase and flags every instance with severity ratings and fix suggestions.

Ready to scan your code?

Detect vulnerabilities before they reach production — for free.
