16 Total advisories
16 Vulnerabilities
0 Malware

Vulnerabilities

LOW 3.7
PyPI

CVE-2026-49854

Tornado has out-of-bounds memory access via C extension

UNKNOWN
PyPI

CVE-2014-9720

CVE-2014-9720

UNKNOWN
PyPI

CVE-2023-28370

CVE-2023-28370

UNKNOWN
PyPI

CVE-2012-2374

CVE-2012-2374

HIGH 7.5
PyPI

CVE-2026-31958

Tornado is vulnerable to DoS due to too many multipart parts

HIGH 7.5
PyPI

CVE-2026-31958

CVE-2026-31958

HIGH 7.2
PyPI

CVE-2026-35536

Tornado has cookie attribute injection via .RequestHandler.set_cookie

MEDIUM 5.4
PyPI

GHSA-78cv-mqj4-43f7

Tornado has incomplete validation of cookie attributes

HIGH 7.5
PyPI

CVE-2025-47287

Tornado vulnerable to excessive logging caused by malformed multipart form data

MEDIUM 6.5
PyPI

GHSA-w235-7p84-xx57

Tornado has a CRLF injection in CurlAsyncHTTPClient headers

HIGH 7.5
PyPI

CVE-2024-52804

Tornado has an HTTP cookie parsing DoS vulnerability

MEDIUM 5.3
PyPI

GHSA-753j-mpmx-qq6g

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

MEDIUM 6.1
PyPI

CVE-2023-28370

Open redirect in Tornado

UNKNOWN
PyPI

GHSA-qppv-j76h-2rpx

Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths

HIGH 7.5
PyPI

CVE-2012-2374

Tornado CRLF injection vulnerability

MEDIUM 6.5
PyPI

CVE-2014-9720

Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
