Lucene search
K
EclipseOpen Vsx

4 matches found

CVE
CVE
added 2025/02/19 8:40 a.m.85 views

CVE-2025-1007

CVE-2025-1007 affects OpenVSX, specifically versions v0.9.0 through v0.20.0. The vulnerability arises in the /user/namespace/{namespace}/details API (and the related /user/namespace/{namespace}/details/logo) where a non-owner/non-contributor user can edit all namespace details (name, description,...

6.9CVSS6.3AI score0.00473EPSS
Web
CVE
CVE
added 2025/06/27 2:57 p.m.33 views

CVE-2025-6705

The CVE-2025-6705 vulnerability affects the Eclipse Open VSX Registry, specifically its automated publishing system. The issue stems from build scripts executing without proper isolation, potentially exposing a privileged token that could be used to publish new extension versions under any namesp...

7.6CVSS6.5AI score0.00224EPSS
CVE
CVE
added 2026/07/01 11:28 a.m.30 views

CVE-2026-13323

Vulnerability CVE-2026-13323 affects Open VSX Registry before 1.0.2. The /vscode/unpkg/ endpoint serves user-supplied HTML without CSP or Content-Disposition headers, enabling a publisher to upload a crafted VSIX and lure authenticated users to visit the URL. This inline rendering in the open-vsx...

8.7CVSS5.8AI score0.0019EPSS
CVE
CVE
added 2026/06/23 10:50 a.m.22 views

CVE-2026-4983

CVE-2026-4983 affects the Open VSX Registry where SVG icons uploaded as extensions are not sanitized before storage and are served as image/svg+xml without security headers. This enables stored cross-site scripting (XSS) when users navigate to the icon URL. The impact differs by deployment: on lo...

5.4CVSS5.9AI score0.00226EPSS