npm
@typebot.io/js
3 known vulnerabilities · 0 critical · 0 high
Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass
Published Jan 22, 2026
GHSA-6m7c-xfhp-p9fh
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
Published May 26, 2026
GHSA-hqmv-v56g-4m47
Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers
Published May 26, 2026
Check your entire dependency tree at onceRun dependency scan →