Bug Reports & Exports
Every bug VibeQA finds comes with a severity rating, detailed description, screenshot evidence, and a copy-paste fix suggestion.
What's in a bug report
Each finding includes everything you need to understand, prioritize, and fix the issue — no back-and-forth required.
Severity
Critical / High / Medium / Low classification based on user impact and exploitability.
Category
Security, Accessibility, UI, Performance, SEO, or Data Handling — so you can triage fast.
Location
Exact page URL and CSS selector so you can jump straight to the element in your code.
Description
What is wrong, why it matters, and who it affects — written in plain English, not jargon.
Evidence
Annotated screenshot of the issue plus a DOM snapshot — visual proof you can share with your team.
Fix Suggestion
Actual code to fix the issue — not generic advice. Copy, paste, done.
Confidence
80-100% confidence score — how sure the AI is this is a real bug, not a false positive.
Example report
This is what an actual VibeQA finding looks like. Every field filled, every detail actionable.
Missing CSRF protection on /api/checkout
/api/checkout — POST handler
Description
The checkout endpoint accepts POST requests without verifying a CSRF token. An attacker could craft a malicious page that submits a checkout on behalf of a logged-in user, leading to unauthorized purchases. This affects all authenticated users and could result in financial loss.
Evidence
Fix Suggestion
// middleware.ts — add CSRF validation
import { validateCsrfToken } from '@/lib/csrf';
export async function middleware(req: NextRequest) {
if (req.method === 'POST') {
const token = req.headers.get('x-csrf-token');
if (!validateCsrfToken(token)) {
return NextResponse.json(
{ error: 'Invalid CSRF token' },
{ status: 403 }
);
}
}
}Severity Levels
Export formats
Get your findings in the format that fits your workflow. Copy into GitHub issues or pipe into your CI/CD pipeline.
Markdown
Perfect for GitHub issues. Copy the report, paste into an issue — formatting and all.
## [CRITICAL] Missing CSRF protection on /api/checkout
**Category:** Security
**Location:** `/api/checkout` — POST handler
**Confidence:** 96%
### Description
The checkout endpoint accepts POST requests without verifying
a CSRF token. An attacker could craft a malicious page that
submits a checkout on behalf of a logged-in user.
### Fix
```typescript
// middleware.ts — add CSRF validation
import { validateCsrfToken } from '@/lib/csrf';
export async function middleware(req: NextRequest) {
if (req.method === 'POST') {
const token = req.headers.get('x-csrf-token');
if (!validateCsrfToken(token)) {
return NextResponse.json(
{ error: 'Invalid CSRF token' },
{ status: 403 }
);
}
}
}
```JSON
For automation. Parse findings programmatically, integrate with CI/CD, build custom dashboards.
{
"id": "vqa_f8k2m9x1",
"severity": "critical",
"category": "security",
"confidence": 0.96,
"location": {
"url": "/api/checkout",
"method": "POST"
},
"title": "Missing CSRF protection on /api/checkout",
"description": "The checkout endpoint accepts POST requests without verifying a CSRF token...",
"fix": {
"framework": "next.js",
"file": "middleware.ts",
"code": "import { validateCsrfToken } from '@/lib/csrf';\n..."
},
"evidence": {
"screenshot": "findings/vqa_f8k2m9x1.png",
"dom_snapshot": "findings/vqa_f8k2m9x1.html"
}
}Report quality
A bug report is only useful if someone can act on it. Ours are built to be understood and fixed in minutes.
We trained the report writer on 500+ real bug reports from top companies
Reports explain WHY something is a bug, not just WHAT
Fix suggestions are framework-specific (React fix vs Vue fix vs Swift fix)
Zero jargon — junior developers can understand and fix every finding
See it for yourself
Drop your project into VibeQA and get a full bug report in minutes.