VYPR

npm package

@typebot.io/js

pkg:npm/%40typebot.io/js

Vulnerabilities (1)

  • CVE-2025-65098Jan 22, 2026
    affected < 0.9.15fixed 0.9.15

    Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates