Lucene search
K

276 matches found

Veracode
Veracode
added 2026/06/12 3:22 a.m.17 views

Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

5.2AI score0.00023EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/11 1:26 p.m.8 views

GHSA-6VHH-4XW6-H2H2 Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

8.6CVSS5.5AI score0.00023EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 1:26 p.m.13 views

Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

5.5AI score0.00023EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48683

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initial person info, $session entry url, and $current url were...

8.6CVSS5.5AI score0.00023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0645

Open redirect vulnerability via endpoint authorizeandredirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1...

6.1CVSS6.9AI score0.00787EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/11/27 3:49 p.m.6 views

@medusajs/medusa (>=2.10.0 <=2.11.4-preview-20251124032825), @medusajs/medusa-oas-cli (>=2.10.0 <=2.11.4-preview-20251124000311) potentially affected by unknown CVE via @medusajs/analytics-posthog (>=2.10.0-preview-20250818120145 <=2.11.4-preview-20251124032825)

@medusajs/analytics-posthog NPM version =2.10.0-preview-20250818120145, =2.10.0, =2.10.0, =2.11.4-preview-20251124000311 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSANALYTICSPOSTHOG-14137959...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/11/27 3:49 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/11/26 4:39 a.m.2 views

EUVD-2025-199706

Malicious code in org.mvnpm:posthog-node Maven...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/26 4:39 a.m.14 views

Malicious code in org.mvnpm:posthog-node (Maven)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.9 views

Malicious code in @posthog/postgres-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10be24eebbc464a61788d5c151ce03171d4abe4b1cd7f27972fef642fc46deda The package @posthog/postgres-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199449

Malicious code in @posthog/filter-out-plugin npm...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @posthog/heartbeat-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0402071ebf395126c5e1e90681622f203d9744eca75a1f2061a6a2d030cdcc The package @posthog/heartbeat-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/11/25 12:16 a.m.6 views

MAL-2025-191297 Malicious code in @posthog/netdata-event-processing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f3fdd5fe90ae01310b329b8e4892a4e79799685cdb45682fd4de592b402710e The package @posthog/netdata-event-processing was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.6 views

Malicious code in @posthog/filter-out-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29182ef33e7d24b6f775624daaa2eb546ce24fe4d768adf7c561c4e7084d5ff The package @posthog/filter-out-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.5 views

Malicious code in @posthog/intercom-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12c972a0fa0f1cf26c3a80f626651c44d7d2b9021694b8e4f965ff35b56b0429 The package @posthog/intercom-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.8 views

Malicious code in @posthog/migrator3000-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167c869b66ffcf5a12e4b451a8ae145840f5fc470da42eb760bd519b48246f71 The package @posthog/migrator3000-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199447

Malicious code in @posthog/icons npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.2 views

EUVD-2025-199444

Malicious code in @posthog/lemon-ui npm...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.17 views

Malicious code in posthog-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b422f278bf27e062b349e97360b6919e773122f21656f23d6da583ce7cb1a92 The package posthog-js was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/11/25 12:16 a.m.3 views

MAL-2025-191295 Malicious code in @posthog/lemon-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bba1e7fb74f376bd3b56d7c910331af7b46fa8c392e697e08f858b837112e061 The package @posthog/lemon-ui was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
Rows per page
Query Builder