Abstract In practice, the device imperfections might introduce deviations from the idealized models used in the security proofs of quantum key distribution (QKD). This requires the refined security analysis for practical QKD. However, in most of previous analysis, the imperfections are individually considered with different models. Here, we derive a security analysis which takes both the source and detection imperfections into account. Particularly, the efficiency mismatch in the detection and a number of flaws in the source (such as, inaccuracy of encoded quantum state, side-channel of source, distinguishable decoy states, Trojan-horse, and so on) are analyzed in a general security model. Then the performance of the QKD system with the devices imperfections is evaluated. Our results present an important step toward the practical security of QKD wit realistic devices.