npm package
@posthog/plugin-server
pkg:npm/%40posthog/plugin-server
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2025-190947Malicious code in @posthog/plugin-server (npm)Nov 24, 2025
- GHSA-2h4r-hgjf-w9whMalware in @posthog/plugin-serverNov 24, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-1520 | — | <= 1.10.7 | — | Apr 23, 2025 | PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw |
- CVE-2025-1520Apr 23, 2025affected <= 1.10.7
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw