Open VSX Registry

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-4983	Eclipse Open VSX Registry		0.00	—	—		Jun 23, 2026	Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an…
CVE-2025-6705	Eclipse Open VSX Registry		0.00	—	0.00		Jun 27, 2025	A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled…

CVE-2026-4983Jun 23, 2026
Eclipse
Open VSX Registry
risk 0.00cvss —epss —
Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an…
CVE-2025-6705Jun 27, 2025
Eclipse
Open VSX Registry
risk 0.00cvss —epss 0.00
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled…