Learn how to prevent modern security vulnerabilities including API key leaks, credential exposure, and data breaches. Comprehensive guides for developers and security professionals.
OpenAI API keys accidentally exposed in code repositories, logs, or environment variables, allowing unauthorized access to paid API services.
AWS access keys and secret keys leaked through code repositories, CloudFormation templates, or EC2 instance metadata.
Anthropic Claude API keys leaked through code repositories, browser extensions, or CI/CD logs.
Azure Storage account keys or SAS tokens exposed in code, configuration files, or logs.
Google Cloud Platform service account JSON keys leaked through repositories, containers, or CI/CD systems.
Ethereum wallet private keys or seed phrases exposed in code, logs, or configuration files.
Bitcoin wallet seed phrases or private keys stored in plaintext files, cloud storage, or email.
Firebase service account keys or admin SDK credentials exposed in mobile apps or repositories.
Stripe secret keys or publishable keys exposed in client-side code, repositories, or logs.
SSH private keys, TLS certificates, or signing keys accidentally committed to version control.
MongoDB, PostgreSQL, or MySQL connection strings with embedded credentials exposed in code or config files.
Google Gemini API keys exposed in mobile apps, web applications, or version control systems.
Terraform state files containing plaintext credentials, API keys, and sensitive infrastructure data.
Solana wallet keypairs or private keys hardcoded in smart contracts, scripts, or repositories.
MongoDB Atlas API public and private keys leaked through infrastructure-as-code or CI/CD pipelines.
PlanetScale database passwords or connection strings exposed in application code or environment files.
Sensitive credentials, API keys, or private keys accidentally committed to GitHub repositories and visible in commit history.
GitHub Actions secrets leaked through pull request workflows or compromised actions.
System prompts or API configurations exposed, allowing attackers to manipulate Claude AI behavior through prompt injection attacks.
Secrets hardcoded in Dockerfiles, passed as environment variables, or embedded in Docker images.
Kubernetes secrets stored in base64 encoding (not encrypted) and accessible via API or etcd.
npm authentication tokens accidentally published in package tarballs or .npmrc files.
Discord bot tokens exposed in code repositories, allowing unauthorized bot control.
OAuth 2.0 client secrets embedded in single-page applications or mobile apps.
Supabase anonymous keys used without proper Row Level Security policies, exposing data.
Cloudflare Global API Key or scoped tokens exposed in DNS automation scripts or repositories.
Environment variables containing secrets logged, exposed in error messages, or visible in process listings.
JWT signing keys hardcoded in source code or config files, allowing token forgery.
PyPI API tokens or credentials exposed in CI/CD pipelines, logs, or configuration files.
Twilio Account SID and Auth Token exposed in client-side code or public repositories.
SendGrid API keys exposed in email templates, client code, or configuration files.
Heroku API keys or OAuth tokens committed to version control systems.
Algolia Admin API keys used in frontend code instead of search-only API keys.
CircleCI environment variables or project API tokens exposed through build logs or context leaks.
GitLab CI/CD runner registration tokens or job tokens exposed in configuration files.
Kubernetes Helm chart values files containing plaintext secrets committed to repositories.
Rust Cargo registry tokens exposed in CI/CD pipelines or credentials files.
Railway project tokens or API keys exposed in deployment scripts or CI/CD workflows.
Postmark server API tokens exposed in email service implementations or configuration files.
Contentful Content Management API tokens exposed instead of Content Delivery API tokens.
Google Maps API keys exposed without proper restrictions, allowing billing fraud.
Slack incoming webhook URLs exposed in public repositories or client-side code.
Netlify personal access tokens or deploy keys leaked in CI/CD configurations or repositories.
Vercel authentication tokens or deployment tokens exposed in workflow files or environment variables.
Datadog API keys or application keys exposed in monitoring configurations or repositories.
Mapbox public access tokens used without URL restrictions, leading to billing abuse.
Sanity write tokens or deploy tokens exposed in client-side applications or repositories.
New Relic license keys or user API keys exposed in application code or container images.
Pusher app secret or cluster credentials exposed in client-side WebSocket implementations.
Sentry DSN (Data Source Name) URLs exposed in client-side code, allowing error spam.
Every guide is based on actual security incidents and CVEs from 2024-2025. Learn from real breaches and prevent them.
Not just theory - get actionable steps and tools to protect your systems, including how CloakBin's zero-knowledge encryption helps.
Focus on current security challenges including AI tool vulnerabilities, cloud misconfigurations, and supply chain attacks.
Prioritize critical issues first. Each problem is rated by severity and search volume to help you focus on what matters most.
Use CloakBin's zero-knowledge encryption to share API keys, passwords, and sensitive data securely. No account required, no tracking, completely free.