org.webjars.npm:rrweb (=1.0.7), org.webjars.npm:rrweb-player (=0.7.9) potentially affected by CVE-2025-45806 via org.webjars.npm:rrweb-snapshot (=1.1.10)

org.webjars.npm:rrweb-snapshot MAVEN version =1.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:rrweb-snapshot and may be impacted: - org.webjars.npm:rrweb =1.0.7 - org.webjars.npm:rrweb-player =0.7.9 Source cves: CVE-2025-45806...

Malicious code in @posthog/react-rrweb-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7639d9bf4c377c1cb1bd2839d92cdc3ebdab0abb25b93f6b79914fc02634c2b4 The package @posthog/react-rrweb-player was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-198934

Malicious code in @posthog/rrweb-player npm...

Malicious code in @posthog/rrweb-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d82edc82839a426c18772dee75ba0a7a9601a053fa6a20b3e7e4b48ac3768d9 The package @posthog/rrweb-player was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190891 Malicious code in @posthog/rrweb-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d82edc82839a426c18772dee75ba0a7a9601a053fa6a20b3e7e4b48ac3768d9 The package @posthog/rrweb-player was found to contain malicious code. Source: google-open-source-security...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...