A critical vulnerability in Open VSX Registry could allow attackers to control VS Code extensions, threatening millions of developers.