Cybersecurity researchers from Koi Security have disclosed a critical vulnerability in the Open VSX Registry, an open-source alternative to the Visual Studio Marketplace for VS Code extensions. This vulnerability, if successfully exploited, could have allowed attackers to gain full control over the entire marketplace, enabling them to publish malicious updates to every extension hosted on Open VSX. This would have posed a severe supply chain risk, potentially compromising millions of developer machines, as nearly every time an extension is installed or updated, the action is routed through Open VSX.
The root cause was traced to a misconfiguration in the GitHub Actions workflow of the publish-extensions repository, which is used to publish open-source VS Code extensions to open-vsx.org. Because that workflow holds the credentials used to publish to the registry, the misconfiguration would have let an attacker take over the marketplace and silently push harmful updates to all extensions, with no action required from end users.
The vulnerability was responsibly disclosed to the Open VSX maintainers on May 4, 2025. Multiple rounds of fixes were proposed and tested before the final patch was deployed on June 25, 2025. The widespread adoption of Open VSX, which is used by popular code editors such as Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod, amplifies the potential impact, making a compromise of Open VSX a supply-chain "nightmare scenario," as Koi Security researcher Oren Yomtov described it.
This incident highlights the escalating risks of automatic extension updates combined with the highly privileged access that extensions typically have within developer environments. It also underscores the importance of robust security practices in CI/CD pipelines and extension marketplaces, especially since third-party extensions are rarely vetted as strictly as core software dependencies.