That's what I thought too, but the article says it was submitted to ZDI and they handled the communication with Posthog

All of these vulnerabilities accepted by ZDI.Feel free to search the following codes. ZDI-CAN-25351. ZDI-CAN-25352. ZDI-CAN-25350. ZDI-CAN-25358.