276 matches found
Information Exposure
Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...
Element Call reports full URLs of visited pages to analytics server
Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...
GHSA-6VHH-4XW6-H2H2 Element Call reports full URLs of visited pages to analytics server
Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...
PT-2026-48683
Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initial person info, $session entry url, and $current url were...
CVE-2022-0645
Open redirect vulnerability via endpoint authorizeandredirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1...
@medusajs/medusa (>=2.10.0 <=2.11.4-preview-20251124032825), @medusajs/medusa-oas-cli (>=2.10.0 <=2.11.4-preview-20251124000311) potentially affected by unknown CVE via @medusajs/analytics-posthog (>=2.10.0-preview-20250818120145 <=2.11.4-preview-20251124032825)
@medusajs/analytics-posthog NPM version =2.10.0-preview-20250818120145, =2.10.0, =2.10.0, =2.11.4-preview-20251124000311 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSANALYTICSPOSTHOG-14137959...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
EUVD-2025-199706
Malicious code in org.mvnpm:posthog-node Maven...
Malicious code in @posthog/postgres-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10be24eebbc464a61788d5c151ce03171d4abe4b1cd7f27972fef642fc46deda The package @posthog/postgres-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @posthog/heartbeat-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0402071ebf395126c5e1e90681622f203d9744eca75a1f2061a6a2d030cdcc The package @posthog/heartbeat-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @posthog/icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ec3f66a4ef6f7c760c258152acb9b9fc90fb32ce30c847704723e1729e33b7c The package @posthog/icons was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199441
Malicious code in @posthog/postgres-plugin npm...
EUVD-2025-199446
Malicious code in @posthog/intercom-plugin npm...
EUVD-2025-199444
Malicious code in @posthog/lemon-ui npm...
EUVD-2025-199445
Malicious code in @posthog/laudspeaker-plugin npm...
EUVD-2025-199448
Malicious code in @posthog/heartbeat-plugin npm...
EUVD-2025-199442
Malicious code in @posthog/netdata-event-processing npm...
EUVD-2025-199449
Malicious code in @posthog/filter-out-plugin npm...
Malicious code in @posthog/laudspeaker-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d44feed9d3d00b551ce5d190d7fba454ffbe5757b5a52eeb4c765bf70543d88c The package @posthog/laudspeaker-plugin was found to contain malicious code. Source: google-open-source-security...