Critical Open VSX Vulnerability Fixed, Prevents Potential Supply Chain Attacks in Developer Extensions

Critical Open VSX Flaw Exposes Developers to Supply Chain Attacks

A significant vulnerability has been identified in the Open VSX Registry, a popular open-source alternative to Microsoft’s Visual Studio Marketplace. This flaw could have allowed attackers to gain control over the entire Visual Studio Code (VS Code) extensions marketplace, posing a severe risk to millions of developers worldwide.

The Open VSX Registry, maintained by the Eclipse Foundation, serves as a repository for VS Code extensions. It’s integrated into various code editors, including Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod. This widespread adoption means that any compromise of Open VSX could have far-reaching implications.

The vulnerability was discovered by Koi Security researcher Oren Yomtov. It resided in the publish-extensions repository, which includes scripts to publish open-source VS Code extensions to open-vsx.org. Developers could request that their extensions be auto-published by submitting a pull request adding them to the extensions.json file in the repository. Once approved and merged, a GitHub Actions workflow would run daily to publish these extensions to the registry.

The critical issue was that this workflow ran with privileged credentials, including a secret token (OVSX_PAT) belonging to the @open-vsx service account. This token had the power to publish or overwrite any extension in the marketplace. The workflow executed npm install, which runs the arbitrary build scripts of every auto-published extension and of their dependencies, and those scripts could read the OVSX_PAT environment variable. This setup made it possible for an attacker to obtain the @open-vsx account’s token, granting them privileged access to the Open VSX Registry. With this access, an attacker could publish new extensions or tamper with existing ones to insert malicious code.
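As an added illustration (not code from the publish-extensions repository or the Eclipse Foundation), the following Python models the two conditions that combined here: a CI step that runs npm install with lifecycle scripts enabled, and a publishing secret exported into that step's environment, with a hardened split shown beside the weak one. The step dicts, the package manifest and the `npx ovsx publish` invocation are constructed assumptions; the secret name OVSX_PAT is the one named above.

```python
"""Constructed audit helpers for an auto-publish pipeline like the one above:
flag npm lifecycle scripts that run at install time, and secrets exported into
the environment of the CI step that runs them."""
import re

# Hooks npm runs automatically on `npm install` unless --ignore-scripts is set
# (prepare applies to the root package and to git dependencies).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Assumed naming convention for secrets; OVSX_PAT is the token named above.
SECRET_NAME = re.compile(r"(TOKEN|PAT|SECRET|PASSWORD|KEY)$", re.IGNORECASE)

def install_time_scripts(package_json: dict) -> list:
    """Lifecycle scripts npm would execute while installing this package."""
    scripts = package_json.get("scripts", {})
    return [hook for hook in INSTALL_HOOKS if hook in scripts]

def runs_untrusted_code(run: str) -> bool:
    """True if any command in a step runs npm install/ci with scripts enabled."""
    for segment in re.split(r"\n|&&|\|\||;", run):
        if re.search(r"\bnpm\s+(install|ci|i)\b", segment) and "--ignore-scripts" not in segment:
            return True
    return False

def exposed_secrets(step: dict) -> list:
    """Secret-looking env names that install-time scripts in this step could read."""
    if not runs_untrusted_code(step.get("run", "")):
        return []
    return sorted(name for name in step.get("env", {}) if SECRET_NAME.search(name))

# Constructed extension manifest carrying an install-time hook.
EXTENSION_PKG = {"name": "example-extension", "scripts": {"postinstall": "node setup.js"}}
# Weak step: the token is in the environment while npm runs arbitrary scripts.
WEAK_STEP = {"run": "npm install\nnpx ovsx publish",
             "env": {"OVSX_PAT": "${{ secrets.OVSX_PAT }}"}}
# Hardened split: install with scripts disabled; the token exists only in the
# publish step. Code in node_modules still runs when ovsx is invoked, so that
# dependency must itself be pinned and reviewed.
HARDENED_INSTALL = {"run": "npm ci --ignore-scripts"}
HARDENED_PUBLISH = {"run": "npx ovsx publish",
                    "env": {"OVSX_PAT": "${{ secrets.OVSX_PAT }}"}}

if __name__ == "__main__":
    print(install_time_scripts(EXTENSION_PKG))  # ['postinstall']
    print(exposed_secrets(WEAK_STEP))           # ['OVSX_PAT']
    print(exposed_secrets(HARDENED_INSTALL), exposed_secrets(HARDENED_PUBLISH))  # [] []
```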

The potential consequences of this vulnerability are alarming. Every time an extension is installed or updated, these actions go through Open VSX. A compromised registry could lead to the distribution of malicious extensions, affecting millions of developers and their projects.

Following responsible disclosure on May 4, 2025, multiple rounds of fixes were proposed by the maintainers. A final patch was deployed on June 25, 2025, to address the issue. The Eclipse Foundation has since implemented additional security measures to prevent similar vulnerabilities in the future.

This incident underscores the importance of securing software supply chains. Extensions are unvetted software dependencies with privileged access, and they deserve the same diligence as any package from repositories like PyPI, npm, or GitHub. If left unchecked, they create a sprawling, invisible supply chain that attackers can exploit.

Developers are advised to exercise caution when installing extensions and to verify their sources. It’s crucial to stay informed about potential vulnerabilities and to apply updates promptly to mitigate risks.