Cursor is currently stuck using an outdated snapshot of the VSCode Marketplace, meaning several extensions within Cursor remain affected by high-severity CVEs that have already been patched upstream in VSCode. As a result, Cursor users unknowingly remain vulnerable to known security issues.<p>This issue has been acknowledged but remains unresolved: https://github.com/getcursor/cursor/issues/1602#issuecomment-2654870021<p>Given Cursor's rising popularity, users should be aware of this gap in security updates. Until the Cursor team resolves the marketplace sync issue, caution is advised when using certain extensions.<p>Has anyone else encountered security concerns or has further insights on mitigating risks until this is resolved?