CVE-2025-1007

In OpenVSX version v0.9.0 to v0.20.0, the/user/namespace/{namespace}/details API allows a user to edit allnamespace details, even if the user is not a namespace Owner orContributor. The details include: name, description, website, supportlink and social media links. The same issues existed in/user/...

CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new ex...