VYPR

Discord

by Discord

CVEs (6)

  • CVE-2024-23739CriJan 28, 2024
    risk 0.64cvss 9.8epss 0.02

    An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

  • CVE-2021-26918CriFeb 9, 2021
    risk 0.64cvss 9.8epss 0.03

    The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as…

  • CVE-2025-26604HigFeb 18, 2025
    risk 0.47cvss 8.3epss 0.00

    Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform…

  • CVE-2025-4525HigMay 10, 2025
    risk 0.46cvss 7.0epss 0.00

    A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The…

  • CVE-2025-0732MedJan 27, 2025
    risk 0.29cvss 4.5epss 0.00

    A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally.…

  • CVE-2026-24332MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are…