red-discordbot

PyPI4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting red-discordbotpage 1 of 1

CVE-2020-15140HIGHCVSS 8.2EG 8.2✓ Fixed in 3.3.11
2020-08-21
vulnerable: 3.0.0 ... 3.3.9 (39 versions)
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing…
CVE-2020-15147HIGHCVSS 8.5EG 8.5✓ Fixed in 3.3.12
2020-08-21
vulnerable: 3.0.0 ... 3.3.9 (40 versions)
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's goin…
CVE-2020-15278HIGHCVSS 7.7EG 7.7✓ Fixed in 3.4.1
2020-10-28
vulnerable: 3.0.0 ... 3.4.0 (42 versions)
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a…
CVE-2024-39905MEDIUMCVSS 5.3EG 5.3✓ Fixed in 3.5.10
2024-07-11
vulnerable: 3.5.0 ... 3.5.9 (10 versions)
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when t…

Check whether red-discordbot is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for red-discordbot CVEs against the assets you own.

Start Free Scan →