Skip to main content

Posthog

6 CVEs product

Monthly

CVE-2025-1522 MEDIUM PATCH This Month

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1521 MEDIUM PATCH This Month

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-1520 npm HIGH PATCH MAL This Week

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

RCE SQLi Posthog
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-9710 HIGH PATCH This Week

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Posthog
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2023-46746 MEDIUM PATCH This Month

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Posthog
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0645 MEDIUM POC PATCH This Month

Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Posthog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

RCE SQLi Posthog
NVD GitHub
EPSS 1% CVSS 8.3
HIGH PATCH This Week

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Posthog
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Posthog
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Posthog
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy