Gristlabs Grist-core
6 CVEs affecting Gristlabs Grist-core. Latest disclosed: 2026-01-22. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-24002 | Critical | 9.0 | 2026-01-22 | Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the u… |
CVE-2024-56359 | High | 8.1 | 2024-12-20 | grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning f… |
CVE-2024-56358 | High | 8.1 | 2024-12-20 | grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because Jav… |
CVE-2024-56357 | High | 8.1 | 2024-12-20 | grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because i… |
CVE-2025-64752 | Medium | 6.8 | 2025-11-13 | grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching f… |
CVE-2025-64753 | Medium | 5.3 | 2025-11-13 | grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing has… |