Browse all 6 CVE security advisories affecting gristlabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gristlabs develops a collaborative data platform for teams to build, analyze, and share spreadsheets and databases. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues. The company maintains a moderate security posture with six CVEs recorded, primarily affecting authentication mechanisms and input validation. While no major public security incidents have been documented, their codebase has shown susceptibility to both client-side and server-side exploits. Gristlabs typically addresses findings through timely patches, though their historical vulnerability profile suggests continued focus on secure coding practices would benefit their users.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24002 | pyodide sandbox option is insecure | grist-core | CWE-74 | 9.1 | Critical | 2026-01-22 |
| CVE-2025-64753 | grist-core has insufficient access control in endpoints for comparisons between documents and versions | grist-core | CWE-863 | 5.3 | Medium | 2025-11-13 |
| CVE-2025-64752 | grist-core has path to server-side requests via websocket | grist-core | CWE-918 | 6.8 | Medium | 2025-11-13 |
| CVE-2024-56359 | Cross-site Scripting vulnerability through HyperLink cells in grist-core | grist-core | CWE-79 | 8.1 | High | 2024-12-20 |
| CVE-2024-56358 | Cross-site Scripting vulnerability through svg attachment previews in grist-core | grist-core | CWE-79 | 8.1 | High | 2024-12-20 |
| CVE-2024-56357 | Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core | grist-core | CWE-79 | 8.1 | High | 2024-12-20 |
