282 matches found
CVE-2022-0645
Open redirect vulnerability via endpoint authorizeandredirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
@medusajs/medusa (>=2.10.0 <=2.11.4-preview-20251124032825), @medusajs/medusa-oas-cli (>=2.10.0 <=2.11.4-preview-20251124000311) potentially affected by unknown CVE via @medusajs/analytics-posthog (>=2.10.0-preview-20250818120145 <=2.11.4-preview-20251124032825)
@medusajs/analytics-posthog NPM version =2.10.0-preview-20250818120145, =2.10.0, =2.10.0, =2.11.4-preview-20251124000311 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSANALYTICSPOSTHOG-14137959...
EUVD-2025-199706
Malicious code in org.mvnpm:posthog-node Maven...
Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
Malicious code in @posthog/heartbeat-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0402071ebf395126c5e1e90681622f203d9744eca75a1f2061a6a2d030cdcc The package @posthog/heartbeat-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199446
Malicious code in @posthog/intercom-plugin npm...
EUVD-2025-199445
Malicious code in @posthog/laudspeaker-plugin npm...
EUVD-2025-199443
Malicious code in @posthog/migrator3000-plugin npm...
MAL-2025-191297 Malicious code in @posthog/netdata-event-processing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f3fdd5fe90ae01310b329b8e4892a4e79799685cdb45682fd4de592b402710e The package @posthog/netdata-event-processing was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191300 Malicious code in @posthog/zendesk-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee22feb7805e50708b86abe78fb463cafe5f1a3408f41297a18deafa6e110fb The package @posthog/zendesk-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191293 Malicious code in @posthog/intercom-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12c972a0fa0f1cf26c3a80f626651c44d7d2b9021694b8e4f965ff35b56b0429 The package @posthog/intercom-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in posthog-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b422f278bf27e062b349e97360b6919e773122f21656f23d6da583ce7cb1a92 The package posthog-js was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199441
Malicious code in @posthog/postgres-plugin npm...
Malicious code in @posthog/postgres-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10be24eebbc464a61788d5c151ce03171d4abe4b1cd7f27972fef642fc46deda The package @posthog/postgres-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191295 Malicious code in @posthog/lemon-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bba1e7fb74f376bd3b56d7c910331af7b46fa8c392e697e08f858b837112e061 The package @posthog/lemon-ui was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199442
Malicious code in @posthog/netdata-event-processing npm...
EUVD-2025-199449
Malicious code in @posthog/filter-out-plugin npm...
Malicious code in @posthog/filter-out-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29182ef33e7d24b6f775624daaa2eb546ce24fe4d768adf7c561c4e7084d5ff The package @posthog/filter-out-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @posthog/migrator3000-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167c869b66ffcf5a12e4b451a8ae145840f5fc470da42eb760bd519b48246f71 The package @posthog/migrator3000-plugin was found to contain malicious code. Source: google-open-source-security...