Lucene search
K

39 matches found

OSV
OSV
added 2025/11/24 4:31 p.m.3 views

MAL-2025-190873 Malicious code in @posthog/automatic-cohorts-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf3963e4ab04b6b37d6cbb3f237a7b5577ddd854a7249a30f8b78dcc063af97 The package @posthog/automatic-cohorts-plugin was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 4:31 p.m.2 views

EUVD-2025-198948

Malicious code in @posthog/event-sequence-timer-plugin npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/24 4:31 p.m.4 views

EUVD-2025-198952

Malicious code in @posthog/automatic-cohorts-plugin npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.8 views

Malicious code in @posthog/url-normalizer-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af45430785d7a562e6a3ccfe29b377e17c6c71d4bbcefa7a8e4fc67e95977c8 The package @posthog/url-normalizer-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 4:31 p.m.2 views

EUVD-2025-198951

Malicious code in @posthog/currency-normalization-plugin npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/24 4:31 p.m.3 views

MAL-2025-190881 Malicious code in @posthog/gitub-star-sync-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be422ec924addbeb23c34a8b3305835feb3d665ab57afdc1450734d0b10f5a4 The package @posthog/gitub-star-sync-plugin was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.3 views

Embedded Malicious Code

Overview @posthog/plugin-server is a PostHog Plugin Server Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malwa...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 2:12 p.m.5 views

Malicious code in posthog-plugin-hello-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411e53a1772704343ddb3da6957e8e0ee4e8167ec93030bf27e2247081fddc61 The package posthog-plugin-hello-world was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 2:12 p.m.2 views

EUVD-2025-198737

Malicious code in posthog-plugin-hello-world npm...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/11/24 2:12 p.m.4 views

MAL-2025-190778 Malicious code in posthog-plugin-hello-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411e53a1772704343ddb3da6957e8e0ee4e8167ec93030bf27e2247081fddc61 The package posthog-plugin-hello-world was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 1:51 p.m.1 views

EUVD-2025-198757

Malicious code in @posthog/plugin-contrib npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 1:51 p.m.9 views

Malicious code in @posthog/plugin-contrib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afcd017c0dad0f7c8771c40b6fbc9308cf19b77a704f62856696156fb3cf156b The package @posthog/plugin-contrib was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 1:51 p.m.4 views

MAL-2025-190751 Malicious code in @posthog/plugin-contrib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afcd017c0dad0f7c8771c40b6fbc9308cf19b77a704f62856696156fb3cf156b The package @posthog/plugin-contrib was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
Veracode
Veracode
added 2025/04/29 4:19 a.m.13 views

SQL Injection

@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...

8CVSS7.9AI score0.00432EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/23 6:30 p.m.26 views

PostHog Plugin Server SQL Injection Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8CVSS8.8AI score0.00432EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder