18 matches found
JDA (Java Discord API) downloads external URLs when updating message components
Impact: Anyone using untrusted message components may be affected. On versions =6.0.0,6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request. If you are using Message#getComponents or similar to get a list of components...
GHSA-93FV-4PM9-XP28 JDA (Java Discord API) downloads external URLs when updating message components
Impact: Anyone using untrusted message components may be affected. On versions =6.0.0,6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request. If you are using Message#getComponents or similar to get a list of components...
EUVD-2025-202169
JDA (Java Discord API) downloads external URLs when updating message components...
EUVD-2022-1725
Malicious code in bioql PyPI...
CVE-2022-24849
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
MAL-2024-9095 Malicious code in discord-api-docs (npm)
Source: ghsa-malware (14532f4785bce55a885a6fd2945c9705ab690e1385adeee16c6d8d2d9420b4b8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in discord-api-docs (npm)
Source: ghsa-malware (14532f4785bce55a885a6fd2945c9705ab690e1385adeee16c6d8d2d9420b4b8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12255 Malicious code in discord-api (PyPI)
Source: kam193 (3b55230c05e2303e965a53322d83ead8df66e188c696755b26efefd96192a144). The package presents itself as an API for Discord. On import, the module attempts to find and exfiltrate leveldb databases from Discord apps and Chrome...
MAL-2024-7750 Malicious code in discord-api-ts (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor.
Malicious code in DіsсorԁRPC.API (NuGet)
discordrb OS Command Injection vulnerability
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa, the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2022-36024 Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
py-cord is an API wrapper for Discord written in Python. Bots created using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...
CVE-2022-36024 Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
py-cord is an API wrapper for Discord written in Python. Bots created using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
Impact: py-cord is an API wrapper for Discord written in Python. Bots using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...
CVE-2022-24849
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2022-24849
DisCatSharp (Discord API wrapper for .NET) versions 9.8.5–9.9.0 and prereleases of 10.0.0 may have sent bot tokens to a DisCatSharp-owned web server when using either the two RequireDisCatSharpDeveloperAttribute attributes or BaseDiscordClient.LibraryDeveloperTeam. The issue was addressed in 9.9....