@typebot.io/js (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @typebot.io/js, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-28445 — CVSS 8.7 (high): Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the…
CVE-2025-65098 — CVSS 7.4 (high): Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored…
CVE-2026-39964 — CVSS 5.4 (medium): TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text…