Malicious Package

Overview emergency-pull-request-probot-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview openwhisk-probot-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in openwhisk-probot-builder (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df529e6edfae25a9476f48b45ecffb81a502aff2baa1f23ffe224a99c88a0fa5 Any computer that has this package installed or running should be considered...

MAL-2025-47855 Malicious code in openwhisk-probot-builder (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df529e6edfae25a9476f48b45ecffb81a502aff2baa1f23ffe224a99c88a0fa5 Any computer that has this package installed or running should be considered...

Malicious code in emergency-pull-request-probot-app (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

@adobe/openwhisk-probot-builder (>=1.0.37 <=1.0.66), @adobe/probot-serverless-openwhisk (>=4.0.32 <=4.0.55) +29 more potentially affected by CVE-2023-50728 via probot (>=0.3.3 <=12.3.1)

probot NPM version =0.3.3, =1.0.37, =4.0.32, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =0.0.0-PLACEHOLDER, =0.1.0, =1.0.0, =0.0.1, =0.10.1, =2.0.0, =2.1.0 and more Source cves: CVE-2023-50728 Source advisory: OSV:GHSA-PWFR-8PQ7-X9QV...

@adobe/probot-serverless-openwhisk (>=4.0.24 <=4.0.54), @csnext/cs-layer-server (>=0.0.101-beta.22 <=0.0.132-beta.207) +243 more potentially affected by CVE-2021-32822 via hbs (>=1.0.1 <=4.1.2)

hbs NPM version =1.0.1, =4.0.24, =0.0.101-beta.22, =0.7.0, =0.7.0, =0.7.0, =0.19.0, =2.0.1, =0.1.5, =0.9.0, =0.0.1-alpha.0, =0.1.2, =0.1.2, =0.1.0, =0.2.1, =4.3.0 and more Source cves: CVE-2021-32822 Source advisory: OSV:GHSA-7F5C-RPF4-86P8...

Probot Bot Type Confusion (CVE-2021-26918)

A type confusion vulnerability exists in Probot Bot. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

Code injection

DISPUTED The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg wit...

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

CVE-2021-26918

The CVE-2021-26918 issue affects the ProBot Discord bot (through 2021-02-08) where the uploader web service accepts double extensions (e.g., .html.jpg) with content type text/html, enabling interference with the bot’s “Send an image when a user joins the server” feature and potentially other impa...

Discord Probot Arbitrary File Upload

Exploit Title: Discord Probot - Unrestricted File Upload Google Dork: N/A Date: 2021-02-08 Exploit Author: ThelastVvV Vendor Homepage:probot.io Version:Version 2021 Tested on: Debian 5.7.10-1parrot2 CVE:CVE-2021-26918 About: Probot is a discord very customizable multipurpose bot for welcome image...

PT-2021-17175 · Discord · Probot

Name of the Vulnerable Software and Affected Versions: ProBot bot through 2021-02-08 for Discord Description: The issue allows attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature, or possibly have unspecified other impact, because the...

Discord ProBot Code Issue Vulnerability

Discord is a free chat service from Discord Inc. A code issue vulnerability exists in versions prior to Discord ProBot 2021-02-08, which stems from the server's requirement that uploaded images be in text/html format, and can be exploited by an attacker to interfere with a user's image uploading...