We Built LeakScope After Seeing the Same Supabase Leaks Everywhere
While pentesting Supabase-powered apps — especially fast-built MVPs using tools like Cursor, Lovable, and Bolt — we kept seeing the same thing:
The same critical security issues. Over and over again.
Leaked API keys sitting in frontend code.
Databases with no proper access control.
User data exposed with a simple ID change.
These weren’t rare mistakes — they were patterns.
One small misconfiguration, and your entire database could be public.
We fixed these issues in our own projects first.
Then we realized: this isn’t just our problem — it’s everywhere.
Introducing LeakScope
LeakScope is a free security scanner for Supabase apps.
Just paste your app URL and get a clear report in seconds.
No login. No setup. No risk to your project.
What We Kept Finding
Across hundreds of real apps, the same issues showed up again and again:
- API keys exposed in public JavaScript
- Weak or missing access control (RLS)
- Users able to access other users’ data
- Sensitive data leaking in responses
These are the kinds of issues that can quietly turn into major breaches.
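A check you can run against your own built frontend bundle for the first item above, added here as an example (it is not LeakScope's code). It assumes legacy Supabase API keys, which are JWTs carrying a "role" claim; the function names and the sample tokens are constructed for illustration.

```javascript
// Matches JWT-shaped strings: three base64url segments, the first two JSON objects.
const JWT_RE = /eyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}/g;

// Decode one base64url segment to an object, or null if it is not JSON.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch {
    return null; // JWT-shaped, but not a real token
  }
}

// Classify every distinct key-like token found in bundled source text.
//   anon         -> meant to ship to the browser; safe only when RLS is enforced
//   service_role -> bypasses RLS; must never appear in frontend code
function findSupabaseKeys(source) {
  const findings = [];
  const seen = new Set();
  for (const token of source.match(JWT_RE) || []) {
    if (seen.has(token)) continue;
    seen.add(token);
    const payload = b64urlJson(token.split(".")[1]);
    if (!payload || typeof payload.role !== "string") continue;
    const severity = payload.role === "service_role" ? "critical"
      : payload.role === "anon" ? "info" : "review";
    // Report only a short prefix so the report itself does not leak the key.
    findings.push({ role: payload.role, severity, preview: token.slice(0, 12) + "..." });
  }
  return findings;
}

// Constructed sample input: unsigned tokens with a fake signature segment.
function makeToken(role) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ iss: "supabase", role })}.constructed_sig`;
}

const sampleBundle = `
  const pub = createClient("https://example.invalid", "${makeToken("anon")}");
  const adm = createClient("https://example.invalid", "${makeToken("service_role")}");
`;
console.log(findSupabaseKeys(sampleBundle));
```

An "info" result still needs the RLS policies behind it reviewed; a "critical" result means the key should be rotated and moved to server-side code.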
Real Impact
Since launching in March 2026:
- 1,600+ apps scanned
- 11,000+ vulnerabilities found
Many of them were serious enough to expose entire databases.
How It Works
LeakScope scans your app the same way an attacker would — from the outside.
It looks at publicly accessible code and endpoints, and flags real risks with clear explanations so you know exactly what to fix.
Everything is read-only, and nothing is stored.
Who This Is For
If you're:
- Building fast with Supabase
- Shipping MVPs with AI tools
- Not 100% confident about your security
LeakScope gives you a quick safety check before things go wrong.
Try It
- Go to https://www.leakscope.tech/
- Paste your app URL
- Run a scan
Takes less than a minute.
We built LeakScope because we kept seeing the same problems everywhere.
Now you can catch them before someone else does.
