EUVD-2025-199440

Malicious code in @posthog/zendesk-plugin npm...

EUVD-2025-199097

Malicious code in @posthog/drop-events-on-property-plugin npm...

EUVD-2025-198935

Malicious code in @posthog/react-rrweb-player npm...

Malicious code in @posthog/first-time-event-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c0fbb010dddd152c8b71f6919fd4d3e53999bd09a5354ce3411cb45caa8106a The package @posthog/first-time-event-tracker was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190890 Malicious code in @posthog/react-rrweb-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7639d9bf4c377c1cb1bd2839d92cdc3ebdab0abb25b93f6b79914fc02634c2b4 The package @posthog/react-rrweb-player was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190878 Malicious code in @posthog/first-time-event-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c0fbb010dddd152c8b71f6919fd4d3e53999bd09a5354ce3411cb45caa8106a The package @posthog/first-time-event-tracker was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190877 Malicious code in @posthog/event-sequence-timer-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db26ed26bc40e436602c36fa1c507d324e650f5aeba5a15875e59daadc8a5a14 The package @posthog/event-sequence-timer-plugin was found to contain malicious code. Source: google-open-source-security...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...