tornado vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-PW6J-QG29-8W7FMediumtornado: Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuseCVE-2026-49853Hightornado: Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClientCVE-2026-49855Hightornado: tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)CVE-2026-49854Lowtornado: Tornado has out-of-bounds memory access via C extensionCVE-2026-35536Hightornado: Tornado has cookie attribute injection via .RequestHandler.set_cookieCVE-2026-31958Hightornado: Tornado is vulnerable to DoS due to too many multipart partsGHSA-78CV-MQJ4-43F7Mediumtornado: Tornado has incomplete validation of cookie attributesCVE-2025-47287Hightornado: Tornado vulnerable to excessive logging caused by malformed multipart form dataCVE-2024-52804Hightornado: Tornado has an HTTP cookie parsing DoS vulnerabilityGHSA-W235-7P84-XX57Mediumtornado: Tornado has a CRLF injection in CurlAsyncHTTPClient headersGHSA-753J-MPMX-QQ6GMediumtornado: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornadoGHSA-QPPV-J76H-2RPXMediumtornado: Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and…CVE-2023-28370Mediumtornado: Open redirect in TornadoCVE-2014-9720Hightornado: Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)CVE-2012-2374Hightornado: Tornado CRLF injection vulnerability

Stop the waste.
Protect your environment with Kodem.