| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24002 | pyodide sandbox option is insecure | gristlabs | grist-core | Critical | 9.0 | 2026-01-22 02:26:29 | Deep Dive |
| CVE-2025-64753 | grist-core has insufficient access control in endpoints for comparisons between documents and versions | gristlabs | grist-core | Medium | 5.3 | 2025-11-13 21:46:01 | Deep Dive |
| CVE-2025-64752 | grist-core has path to server-side requests via websocket | gristlabs | grist-core | Medium | 6.8 | 2025-11-13 21:43:58 | Deep Dive |
| CVE-2024-56359 | Cross-site Scripting vulnerability through HyperLink cells in grist-core | gristlabs | grist-core | High | 8.1 | 2024-12-20 20:24:56 | Deep Dive |
| CVE-2024-56358 | Cross-site Scripting vulnerability through svg attachment previews in grist-core | gristlabs | grist-core | High | 8.1 | 2024-12-20 20:24:54 | Deep Dive |
| CVE-2024-56357 | Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core | gristlabs | grist-core | High | 8.1 | 2024-12-20 20:24:51 | Deep Dive |