
6 matches found

OSSF Malicious Packages
added 2025/11/24 10:18 p.m., 4 views

Malicious code in @posthog/plugin-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbacde545c940abfe63a0667580ea37cfc021d6b3e25094b71e23273cd899e1b The package @posthog/plugin-server was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 4
OSV
added 2025/11/24 10:18 p.m., 2 views

MAL-2025-190947 Malicious code in @posthog/plugin-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbacde545c940abfe63a0667580ea37cfc021d6b3e25094b71e23273cd899e1b The package @posthog/plugin-server was found to contain malicious code. Source: ghsa-malware...

AI score: 6.8
Exploits: 0, References: 4
EUVD
added 2025/11/24 10:18 p.m., 2 views

EUVD-2025-199096

Malicious code in @posthog/plugin-server npm...

AI score: 6.6
Exploits: 0, References: 1
Snyk
added 2025/11/24 4:24 p.m., 2 views

Embedded Malicious Code

Overview: @posthog/plugin-server is a PostHog Plugin Server. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malwa...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 3
Veracode
added 2025/04/29 4:19 a.m., 10 views

SQL Injection

@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, which allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...

CVSS: 8, AI score: 7.9, EPSS: 0.00392
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2025/04/23 6:30 p.m., 17 views

PostHog Plugin Server SQL Injection Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 8, AI score: 8.8, EPSS: 0.00392
Exploits: 0, References: 4, Affected Software: 1