pkg:npm/@typebot.io/js
3 total CVEsHIGH2MEDIUM1
✅ Check your installed version
All known vulnerabilities
- HIGH8.7CVE-2026-28445Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Previewfrom 0, < 0.10.1
- HIGH7.4CVE-2025-65098Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypassfrom 0, < 0.9.15
- MEDIUM5.4CVE-2026-39964Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsersfrom 0, < 0.10.1