Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

@typebot.io/js

View on npm registry
3 Total advisories
3 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 5.4
npm

CVE-2026-39964

Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers
HIGH 8.7
npm

CVE-2026-28445

Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
HIGH 7.4
npm

CVE-2025-65098

Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes