
QuantumScan

PostHog/posthog

Risk score: 42
4 findings · 200 files scanned

PostHog uses MD5 for hashing in production STL cryptographic utilities, which is quantum-vulnerable under Grover's algorithm (reduced to 64-bit security). JWT authentication in enterprise edition uses RS256, which will be completely broken by Shor's algorithm on quantum computers within 5–15 years. No immediate cryptographic compromise, but HNDL (Harvest Now, Decrypt Later) risk exists for any long-lived session tokens or signed artifacts.

Recent findings

| File | Algorithm | Severity | Business impact |
|---|---|---|---|
| common/hogvm/python/stl/crypto.py:22 | MD5 | critical | 65 |
| common/hogvm/python/stl/crypto.py:18 | MD5 | critical | 60 |
| common/hogvm/python/stl/__init__.py:15 | MD5 | critical | 55 |
| ee/api/agentic_provisioning/test/base.py:40 | JWT quantum-vulnerable algorithm | high | 18 |

Exposure by language
Python: 4 · 100%

Compliance mapping
DORA: Partial
NIS2: OK
CNSA2: Gap
NIST PQC: Partial