Browse all 7 CVE security advisories affecting PostHog. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PostHog provides product analytics and feature flagging capabilities for development teams. Historically, the platform has been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, with seven CVEs documented to date. Security researchers have identified issues in API endpoints, user input handling, and session management that could allow unauthorized access or code execution. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in analytics and feature management tools highlights the importance of regular security assessments and prompt patching for organizations implementing such solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1522 | PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability — PostHogCWE-918 | 6.5 | - | 2025-04-23 |
| CVE-2025-1521 | PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability — PostHogCWE-918 | 6.5 | - | 2025-04-23 |
| CVE-2025-1520 | PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability — PostHogCWE-89 | 8.0 | - | 2025-04-23 |
| CVE-2024-9710 | PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability — PostHogCWE-918 | 6.5 | - | 2024-11-22 |
| CVE-2023-46746 | Authenticated PostHog users vulnerable to SSRF — posthogCWE-918 | 4.8 | Medium | 2023-12-01 |
| CVE-2023-32325 | Cross-site scripting in PostHog-js — posthog-jsCWE-79 | 5.4 | Medium | 2023-05-26 |
| CVE-2022-0645 | Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in posthog/posthog — posthog/posthogCWE-601 | 6.1 | - | 2022-04-19 |
This page lists every published CVE security advisory associated with PostHog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.