6 matches found
Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
EUVD-2025-199706
Malicious code in org.mvnpm:posthog-node Maven...
MAL-2025-190925 Malicious code in posthog-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2ec4a50c0b553e9abbcc25147ad50014cf1488415e1ec8e3234f3e9bb3cc24e The package posthog-node was found to contain malicious code. Source: google-open-source-security...
Malicious code in posthog-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2ec4a50c0b553e9abbcc25147ad50014cf1488415e1ec8e3234f3e9bb3cc24e The package posthog-node was found to contain malicious code. Source: google-open-source-security...
@agent-relay/daemon (>=2.0.5 <=2.3.14), @agent-relay/dashboard (>=2.0.18 <=2.0.19) +365 more potentially affected by unknown CVE via posthog-node (>=4.0.0 <=4.18.0)
posthog-node NPM version =4.0.0, =2.0.5, =2.0.18, =2.0.5, =2.0.5, =0.59.0, =1.0.0, =0.3.0, =1.0.0, =0.17.1, =1.1.1, =0.1.6, =1.0.0, =1.15.0, =0.7.107, =0.7.150 - @base44-preview/cli =0.0.25-pr.156.f6042c0 and more Source cves: unknown CVE Source advisory: SNYK:JS-POSTHOGNODE-14103346...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...