We take the security of Codesphere seriously. Given that Codesphere is a distribution of VS Code, vulnerabilities can exist either at the distribution layer (our scripts and configurations) or the core IDE layer.
Please do not open public issues for security vulnerabilities. Instead, send a detailed report to our security contact (e.g., security@codesphere-ide.org) or use GitHub Private Vulnerability Reporting, if enabled.
Your report should include:
- A description of the vulnerability.
- Steps to reproduce (Proof of Concept).
- Potential impact.
We support the latest release of Codesphere based on the current stable version of VSCodium. We recommend that all users keep their IDE up to date to benefit from upstream security patches.
One of the primary goals of Codesphere is to eliminate third-party telemetry. If you discover a previously unknown network connection to a corporate endpoint, we treat this as a high-priority privacy bug.
Codesphere: Built for developers who value security and sovereignty.