Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Malicious code in @posthog/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92317c7f15a5eade85fe5c248b9b31870be1b384a5e5455dd3ea546c94c279e4 The package @posthog/core was found to contain malicious code. Source: ghsa-malware 8fce4f3a908b835a108ad8c30d1f2095f67e065911b353c73d0f9151be9ed6bf...

0dot (=0.6.0), 0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac) +963 more potentially affected by unknown CVE via @posthog/core (>=1.0.0 <=1.5.5)

@posthog/core NPM version =1.0.0, =0.1.0-dev.0de2bc6, =2.0.1, =0.0.1, =1.1.5-beta.2, =0.2.0, =1.26.0, =1.0.3, =0.1.0, =0.1.2 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-190645...

EUVD-2025-198645

Malicious code in @posthog/core npm...

MAL-2025-190645 Malicious code in @posthog/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92317c7f15a5eade85fe5c248b9b31870be1b384a5e5455dd3ea546c94c279e4 The package @posthog/core was found to contain malicious code. Source: ghsa-malware 8fce4f3a908b835a108ad8c30d1f2095f67e065911b353c73d0f9151be9ed6bf...