Every CVE whose affected-product data names Eclipse Open Vsx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-1007 — CVSS 5.3 (medium): In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the…
CVE-2025-6705 — CVSS 5.3 (medium): A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions…
CVE-2026-13323 — CVSS 4.1 (medium): In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a…
CVE-2026-4983 — CVSS 4.1 (medium): Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type…