pkg:npm/@typebot.io/js
3 total CVEsHIGH2MEDIUM1
✅ Check your installed version
All known vulnerabilities
HIGH8.7CVE-2026-28445Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview from 0, < 0.10.1
HIGH7.4CVE-2025-65098Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass from 0, < 0.9.15
MEDIUM5.4CVE-2026-39964Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers from 0, < 0.10.1