Lucene search
K

276 matches found

Veracode
Veracode
added 2026/06/12 3:22 a.m.17 views

Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

5.2AI score0.00023EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/11 1:26 p.m.13 views

Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

5.5AI score0.00023EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/11 1:26 p.m.8 views

GHSA-6VHH-4XW6-H2H2 Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

8.6CVSS5.5AI score0.00023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48683

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initial person info, $session entry url, and $current url were...

8.6CVSS5.5AI score0.00023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0645

Open redirect vulnerability via endpoint authorizeandredirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1...

6.1CVSS6.9AI score0.00787EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/11/27 3:49 p.m.6 views

@medusajs/medusa (>=2.10.0 <=2.11.4-preview-20251124032825), @medusajs/medusa-oas-cli (>=2.10.0 <=2.11.4-preview-20251124000311) potentially affected by unknown CVE via @medusajs/analytics-posthog (>=2.10.0-preview-20250818120145 <=2.11.4-preview-20251124032825)

@medusajs/analytics-posthog NPM version =2.10.0-preview-20250818120145, =2.10.0, =2.10.0, =2.11.4-preview-20251124000311 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSANALYTICSPOSTHOG-14137959...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/11/27 3:49 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/26 4:39 a.m.14 views

Malicious code in org.mvnpm:posthog-node (Maven)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/26 4:39 a.m.3 views

EUVD-2025-199706

Malicious code in org.mvnpm:posthog-node Maven...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.9 views

Malicious code in @posthog/postgres-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10be24eebbc464a61788d5c151ce03171d4abe4b1cd7f27972fef642fc46deda The package @posthog/postgres-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @posthog/heartbeat-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0402071ebf395126c5e1e90681622f203d9744eca75a1f2061a6a2d030cdcc The package @posthog/heartbeat-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.6 views

Malicious code in @posthog/icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ec3f66a4ef6f7c760c258152acb9b9fc90fb32ce30c847704723e1729e33b7c The package @posthog/icons was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199441

Malicious code in @posthog/postgres-plugin npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199446

Malicious code in @posthog/intercom-plugin npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199444

Malicious code in @posthog/lemon-ui npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199445

Malicious code in @posthog/laudspeaker-plugin npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199448

Malicious code in @posthog/heartbeat-plugin npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.7 views

EUVD-2025-199442

Malicious code in @posthog/netdata-event-processing npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.5 views

EUVD-2025-199449

Malicious code in @posthog/filter-out-plugin npm...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.5 views

Malicious code in @posthog/laudspeaker-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d44feed9d3d00b551ce5d190d7fba454ffbe5757b5a52eeb4c765bf70543d88c The package @posthog/laudspeaker-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
Rows per page
Query Builder