Cursor is currently stuck using an outdated snapshot of the VSCode Marketplace, meaning several extensions within Cursor remain affected by high-severity CVEs that have already been patched upstream in VSCode. As a result, Cursor users unknowingly remain vulnerable to known security issues.
This issue has been acknowledged but remains unresolved: https://github.com/getcursor/cursor/issues/1602#issuecomment-2654870021
Given Cursor's rising popularity, users should be aware of this gap in security updates. Until the Cursor team resolves the marketplace sync issue, caution is advised when using certain extensions.
Has anyone else encountered security concerns or has further insights on mitigating risks until this is resolved?
This issue has been acknowledged but remains unresolved: https://github.com/getcursor/cursor/issues/1602#issuecomment-2654870021
Given Cursor's rising popularity, users should be aware of this gap in security updates. Until the Cursor team resolves the marketplace sync issue, caution is advised when using certain extensions.
Has anyone else encountered security concerns or has further insights on mitigating risks until this is resolved?