5 matches found
CVE-2026-47175
Quest Bot (open-source Discord bot) prior to v1.0.4 allowed moderation commands to echo user-supplied reason text in public replies without disabling mention parsing, enabling a user with bot permissions to trigger @everyone/@here pings even when they lack mention permissions. The issue is fixed ...
CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
EUVD-2026-36299
Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...
CVE-2026-47171
CVE-2026-47171 affects Quest Bot (Discord bot). The issue: before v1.0.3, a normal user can create a reminder whose message includes @everyone or @here; when triggered, the bot re-sends the message without suppressing mass mentions, enabling mass pinging if the bot has permission. Root cause: rem...
CVE-2026-47171 Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`
Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...