tornadoweb
Security Risk Profile
40
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 10 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from May 23, 2012 to present
10
Total CVEs
7
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
7.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
40/100
medium
Severity Distribution
Critical
0High
7Medium
3Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
2Age Distribution
Common Weaknesses (CWE)
1
XSS
1
2
CSRF
1
3
Input Validation
1
4
CRLF Injection
1
Most Affected Products
1. tornadoweb tornado19
2. pip/tornado7
3. pypi/tornado4
4. IBM Watson Studio on Cloud Pak for Data2
5. debian/python-tornado2
Recent Vulnerabilities
See more →CVE-2026-35536
CVSS 7.2high
4/3/2026
CVE-2026-31958
CVSS 8.7EPSS 0%high
Tornado has a DoS due to too many multipart parts
3/11/2026
CVE-2025-67726
CVSS 7.5high
Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters
12/12/2025
CVE-2025-67725
CVSS 7.5high
Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
12/12/2025
CVE-2025-67724
CVSS 6.1medium
Tornado vulnerable to Header Injection and XSS via reason argument
12/12/2025
CVE-2025-47287
CVSS 7.5EPSS 0%high
Tornado vulnerable to excessive logging caused by malformed multipart form data
5/15/2025
CVE-2024-52804
CVSS 7.5high
Tornado has HTTP cookie parsing DoS vulnerability
11/22/2024
CVE-2023-28370
CVSS 6.1medium
5/25/2023
CVE-2014-9720
CVSS 6.5medium
5/19/2015
CVE-2012-2374
CVSS 7.5high
5/23/2012
Monitor tornadoweb in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.