tornadoweb — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting tornadoweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by tornadoweb:Tornado

CVE ID	Title	CVSS	Severity	Published
CVE-2026-35536	Tornado 安全漏洞 — TornadoCWE-159	7.2	High	2026-04-03
CVE-2026-31958	Tornado has a DoS due to too many multipart parts — tornadoCWE-400	6.5^AI	Medium^AI	2026-03-11
CVE-2025-67726	Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters — tornadoCWE-834	7.5	High	2025-12-12
CVE-2025-67725	Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing — tornadoCWE-400	7.5	High	2025-12-12
CVE-2025-67724	Tornado vulnerable to Header Injection and XSS via reason argument — tornadoCWE-79	5.4	Medium	2025-12-12
CVE-2025-47287	Tornado vulnerable to excessive logging caused by malformed multipart form data — tornadoCWE-770	7.5	High	2025-05-15
CVE-2024-52804	Tornado has HTTP cookie parsing DoS vulnerability — tornadoCWE-400	7.5	High	2024-11-22
CVE-2023-28370	Tornado 输入验证错误漏洞 — Tornado	6.1	-	2023-05-25

This page lists every published CVE security advisory associated with tornadoweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

tornadoweb — Vulnerabilities & Security Advisories 8