Open VSX

Open VSX security update - October 2025

Monday, October 27, 2025 - 16:38 by Anonymous (not verified)

Over the past few weeks, the Open VSX team and the Eclipse Foundation have been responding to reports of leaked tokens and related malicious activity involving certain extensions hosted on the Open VSX Registry.

Eclipse Open VSX Registry Security Advisory

Wednesday, July 2, 2025 - 12:07 by Natalia Loungou

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized extension uploads. It did not affect existing extensions or admin functions.

The issue was reported on May 4, 2025, fully fixed by June 24, and followed by a complete audit. No evidence of compromise was found, but 81 extensions were proactively deactivated as a precaution.

The Open VSX Registry, a Vendor-Neutral Open Source Alternative to the Visual Studio Marketplace, Gets its Own Working Group at the Eclipse Foundation

Tuesday, June 27, 2023 - 06:30 by Jacob Harris

The mission of the new working group will be to manage and accelerate adoption of the Open VSX Registry, a vendor-neutral, community-supported alternative to the Microsoft Visual Studio Marketplace.

Image for
<span>The Open VSX Registry, a Vendor-Neutral Open Source Alternative to the Visual Studio Marketplace, Gets its Own Working Group at the Eclipse Foundation</span>
News item.

Subscribe to Open VSX