pypi

discord-telemetry @0.1.5

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC

Malicious

OSV ID

MAL-2026-10701

Ecosystem

pypi

Summary

During installation, the package downloads and executes a remote executable. Before 0.1.5, the code contained local-only tests of malicious behaviour. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-discord-telemetry Reasons (based on the campaign): - The package overrides the install command in setup.py to execute malicious code during installation. - Downloads and executes a remote executable. - malware

Source: kam193 (b8a926675ed9f43b0067def4bd625208d08a08c8750fd3c2f9f7bfd6138e3d4d)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.