39 matches found
MAL-2025-190873 Malicious code in @posthog/automatic-cohorts-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf3963e4ab04b6b37d6cbb3f237a7b5577ddd854a7249a30f8b78dcc063af97 The package @posthog/automatic-cohorts-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198948
Malicious code in @posthog/event-sequence-timer-plugin npm...
EUVD-2025-198952
Malicious code in @posthog/automatic-cohorts-plugin npm...
Malicious code in @posthog/url-normalizer-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af45430785d7a562e6a3ccfe29b377e17c6c71d4bbcefa7a8e4fc67e95977c8 The package @posthog/url-normalizer-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198951
Malicious code in @posthog/currency-normalization-plugin npm...
MAL-2025-190881 Malicious code in @posthog/gitub-star-sync-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be422ec924addbeb23c34a8b3305835feb3d665ab57afdc1450734d0b10f5a4 The package @posthog/gitub-star-sync-plugin was found to contain malicious code. Source: google-open-source-security...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview @posthog/plugin-server is a PostHog Plugin Server Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malwa...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in posthog-plugin-hello-world (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411e53a1772704343ddb3da6957e8e0ee4e8167ec93030bf27e2247081fddc61 The package posthog-plugin-hello-world was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198737
Malicious code in posthog-plugin-hello-world npm...
MAL-2025-190778 Malicious code in posthog-plugin-hello-world (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411e53a1772704343ddb3da6957e8e0ee4e8167ec93030bf27e2247081fddc61 The package posthog-plugin-hello-world was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198757
Malicious code in @posthog/plugin-contrib npm...
Malicious code in @posthog/plugin-contrib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afcd017c0dad0f7c8771c40b6fbc9308cf19b77a704f62856696156fb3cf156b The package @posthog/plugin-contrib was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190751 Malicious code in @posthog/plugin-contrib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afcd017c0dad0f7c8771c40b6fbc9308cf19b77a704f62856696156fb3cf156b The package @posthog/plugin-contrib was found to contain malicious code. Source: ghsa-malware...
SQL Injection
@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...
PostHog Plugin Server SQL Injection Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...