Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in external media URLs passed to sendMessageComponents and other methods that take input originating from MessagegetComponents. An attacker can trigger the application to download arbitrary external...

MAL-2025-18480 Malicious code in discord.htc (npm)

The package discord.htc was found to contain malicious code...

Malicious code in discord.dll (npm)

The package discord.dll was found to contain malicious code...

MAL-2025-18477 Malicious code in discord-v11.js (npm)

The package discord-v11.js was found to contain malicious code...

Malicious code in discord.js-dmall-friends-v11 (npm)

--- -= Per source details. Do not edit below this line.=-...

Oceanic 安全漏洞

Oceanic is a NodeJS library for interacting with Discord open-sourced by Oceanic. A security vulnerability exists in Oceanic versions prior to 1.10.4, which stems from uncleaned user input that may result in URL path traversal...

Malicious code in discord.js-dmall-friends (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a47185392e18cdda84f90b5448bb982832bf1a987d8b7d27af56587e509912c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in discord.js-self-v22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 672d9ccd18153a9163f1f9a63ec5d765f412cf86a198d526fb04ecc5aa6eab3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dicsord-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2008b73c9ded7f126f53db3db8a339bc33ddca207a5728e11ed5b5bf3349c73c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in dicord-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0b864d2addddf8ba0c3e6aaa0bc98b501ccd85f812fe6519a45569441451b473 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in ddiscord-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx cf203b8bdd905df16a784bbd81081277e5f391b3278fed2c20b25c0d0fad91de Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in v12-discord.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 771330c094d04cbcf6c83d88eebc212c196e01bce4a4c076a6e62a16a6bb87a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in discord.js-latest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware daf5569e8ad30dcf670c015a5bcf4d21670fa36989350f095f7c30c6e0676d33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in discord.js-selfv14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7455378db67912671b608ce66b8f882055de9d85e9869c560d258d9cc7efe7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2017-16207

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin...