Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
Type deb
Namespace debian
Name python-tornado
Version 6.2.0-3+deb12u2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.2.0-3+deb12u4
Latest_non_vulnerable_version 6.5.5-1
Affected_by_vulnerabilities
0
url VCID-27x3-ch78-8ueh
vulnerability_id VCID-27x3-ch78-8ueh
summary tornado: Tornado Quadratic DoS via Repeated Header Coalescing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67725.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67725
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53677
published_at 2026-04-07T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53708
published_at 2026-04-04T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53759
published_at 2026-04-12T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53776
published_at 2026-04-11T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.53727
published_at 2026-04-09T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.53729
published_at 2026-04-08T12:55:00Z
6
value 0.00312
scoring_system epss
scoring_elements 0.5429
published_at 2026-04-02T12:55:00Z
7
value 0.00358
scoring_system epss
scoring_elements 0.58085
published_at 2026-04-16T12:55:00Z
8
value 0.00405
scoring_system epss
scoring_elements 0.60989
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67725
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67725
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67725
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122661
reference_id 1122661
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122661
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421722
reference_id 2421722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421722
6
reference_url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_id 771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
reference_id GHSA-c98p-7wgm-6p64
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
8
reference_url https://access.redhat.com/errata/RHSA-2026:0930
reference_id RHSA-2026:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0930
9
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
10
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
11
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
12
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
13
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
14
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
15
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
16
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
reference_id v6.5.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
1
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
aliases CVE-2025-67725
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27x3-ch78-8ueh
1
url VCID-be89-uuxa-fyb5
vulnerability_id VCID-be89-uuxa-fyb5
summary
Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. 

Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08464
published_at 2026-04-08T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08476
published_at 2026-04-11T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08482
published_at 2026-04-09T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08392
published_at 2026-04-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08472
published_at 2026-04-04T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08419
published_at 2026-04-02T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.0929
published_at 2026-04-13T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09304
published_at 2026-04-12T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09182
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
6
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:55:43Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
8
reference_url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
reference_id 1130507
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
reference_id 2446765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
12
reference_url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
reference_id GHSA-qjxf-f2mg-c6mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
13
reference_url https://access.redhat.com/errata/RHSA-2026:8093
reference_id RHSA-2026:8093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8093
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
1
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
2
url pkg:deb/debian/python-tornado@6.5.5-1
purl pkg:deb/debian/python-tornado@6.5.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1
aliases CVE-2026-31958, GHSA-qjxf-f2mg-c6mc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be89-uuxa-fyb5
2
url VCID-g13r-ansu-27av
vulnerability_id VCID-g13r-ansu-27av
summary tornado: Tornado Header Injection and XSS via reason argument
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67724.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67724
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.1836
published_at 2026-04-02T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18415
published_at 2026-04-04T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18119
published_at 2026-04-07T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18204
published_at 2026-04-08T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18258
published_at 2026-04-09T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.1826
published_at 2026-04-11T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18213
published_at 2026-04-12T12:55:00Z
7
value 0.00078
scoring_system epss
scoring_elements 0.23204
published_at 2026-04-16T12:55:00Z
8
value 0.00078
scoring_system epss
scoring_elements 0.23188
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67724
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67724
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122660
reference_id 1122660
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122660
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421719
reference_id 2421719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421719
6
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
1
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
2
url pkg:deb/debian/python-tornado@6.5.4-1
purl pkg:deb/debian/python-tornado@6.5.4-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1
aliases CVE-2025-67724
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g13r-ansu-27av
3
url VCID-nq24-395d-wuar
vulnerability_id VCID-nq24-395d-wuar
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35536
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11065
published_at 2026-04-04T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.10888
published_at 2026-04-07T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.10964
published_at 2026-04-08T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15021
published_at 2026-04-09T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15806
published_at 2026-04-13T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15728
published_at 2026-04-16T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15874
published_at 2026-04-12T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15913
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35536
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367
reference_id 1132367
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454716
reference_id 2454716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454716
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35536
reference_id CVE-2026-35536
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35536
10
reference_url https://github.com/advisories/GHSA-fqwm-6jpj-5wxc
reference_id GHSA-fqwm-6jpj-5wxc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqwm-6jpj-5wxc
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
1
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
aliases CVE-2026-35536, GHSA-fqwm-6jpj-5wxc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq24-395d-wuar
4
url VCID-y1z8-z2f1-mqg7
vulnerability_id VCID-y1z8-z2f1-mqg7
summary tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67726.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67726.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67726
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30824
published_at 2026-04-02T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30739
published_at 2026-04-12T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30783
published_at 2026-04-11T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.3078
published_at 2026-04-09T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30748
published_at 2026-04-08T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30872
published_at 2026-04-04T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-07T12:55:00Z
7
value 0.00124
scoring_system epss
scoring_elements 0.31634
published_at 2026-04-16T12:55:00Z
8
value 0.00124
scoring_system epss
scoring_elements 0.31601
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67726
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67726
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67726
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122663
reference_id 1122663
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122663
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421733
reference_id 2421733
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421733
6
reference_url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_id 771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
reference_id GHSA-jhmp-mqwm-3gq8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
8
reference_url https://access.redhat.com/errata/RHSA-2026:0930
reference_id RHSA-2026:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0930
9
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
10
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
11
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
12
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
13
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
14
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
15
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
16
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
reference_id v6.5.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
1
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
aliases CVE-2025-67726
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1z8-z2f1-mqg7
Fixing_vulnerabilities
0
url VCID-27x3-ch78-8ueh
vulnerability_id VCID-27x3-ch78-8ueh
summary tornado: Tornado Quadratic DoS via Repeated Header Coalescing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67725.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67725
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53677
published_at 2026-04-07T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53708
published_at 2026-04-04T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53759
published_at 2026-04-12T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53776
published_at 2026-04-11T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.53727
published_at 2026-04-09T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.53729
published_at 2026-04-08T12:55:00Z
6
value 0.00312
scoring_system epss
scoring_elements 0.5429
published_at 2026-04-02T12:55:00Z
7
value 0.00358
scoring_system epss
scoring_elements 0.58085
published_at 2026-04-16T12:55:00Z
8
value 0.00405
scoring_system epss
scoring_elements 0.60989
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67725
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67725
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67725
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122661
reference_id 1122661
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122661
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421722
reference_id 2421722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421722
6
reference_url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_id 771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
reference_id GHSA-c98p-7wgm-6p64
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
8
reference_url https://access.redhat.com/errata/RHSA-2026:0930
reference_id RHSA-2026:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0930
9
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
10
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
11
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
12
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
13
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
14
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
15
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
16
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
reference_id v6.5.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
1
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
2
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
aliases CVE-2025-67725
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27x3-ch78-8ueh
1
url VCID-3y8v-vsd8-ubba
vulnerability_id VCID-3y8v-vsd8-ubba
summary
Tornado has an HTTP cookie parsing DoS vulnerability
The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30715
published_at 2026-04-16T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-13T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30737
published_at 2026-04-12T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30781
published_at 2026-04-11T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30746
published_at 2026-04-08T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30688
published_at 2026-04-07T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30869
published_at 2026-04-04T12:55:00Z
7
value 0.00118
scoring_system epss
scoring_elements 0.3082
published_at 2026-04-02T12:55:00Z
8
value 0.00118
scoring_system epss
scoring_elements 0.30778
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
7
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
reference_id 1088112
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
reference_id 2328045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
11
reference_url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
reference_id GHSA-7pwv-g7hj-39pr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
12
reference_url https://github.com/advisories/GHSA-8w49-h785-mj3c
reference_id GHSA-8w49-h785-mj3c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w49-h785-mj3c
13
reference_url https://access.redhat.com/errata/RHSA-2024:10590
reference_id RHSA-2024:10590
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10590
14
reference_url https://access.redhat.com/errata/RHSA-2024:10836
reference_id RHSA-2024:10836
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10836
15
reference_url https://access.redhat.com/errata/RHSA-2024:10843
reference_id RHSA-2024:10843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10843
16
reference_url https://access.redhat.com/errata/RHSA-2025:2470
reference_id RHSA-2025:2470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2470
17
reference_url https://access.redhat.com/errata/RHSA-2025:2471
reference_id RHSA-2025:2471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2471
18
reference_url https://access.redhat.com/errata/RHSA-2025:2550
reference_id RHSA-2025:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2550
19
reference_url https://access.redhat.com/errata/RHSA-2025:2872
reference_id RHSA-2025:2872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2872
20
reference_url https://access.redhat.com/errata/RHSA-2025:2955
reference_id RHSA-2025:2955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2955
21
reference_url https://access.redhat.com/errata/RHSA-2025:2956
reference_id RHSA-2025:2956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2956
22
reference_url https://access.redhat.com/errata/RHSA-2025:3108
reference_id RHSA-2025:3108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3108
23
reference_url https://access.redhat.com/errata/RHSA-2025:3109
reference_id RHSA-2025:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3109
24
reference_url https://usn.ubuntu.com/7150-1/
reference_id USN-7150-1
reference_type
scores
url https://usn.ubuntu.com/7150-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
aliases CVE-2024-52804, GHSA-8w49-h785-mj3c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y8v-vsd8-ubba
2
url VCID-62bx-a5uf-j3b4
vulnerability_id VCID-62bx-a5uf-j3b4
summary
Tornado vulnerable to excessive logging caused by malformed multipart form data
### Summary

When Tornado's `multipart/form-data` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

### Affected versions

All versions of Tornado prior to 6.5 are affected. The vulnerable parser is enabled by default.

### Solution

Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
reference_id
reference_type
scores
0
value 0.01164
scoring_system epss
scoring_elements 0.78643
published_at 2026-04-16T12:55:00Z
1
value 0.01164
scoring_system epss
scoring_elements 0.78571
published_at 2026-04-02T12:55:00Z
2
value 0.01164
scoring_system epss
scoring_elements 0.78603
published_at 2026-04-04T12:55:00Z
3
value 0.01164
scoring_system epss
scoring_elements 0.78584
published_at 2026-04-07T12:55:00Z
4
value 0.01164
scoring_system epss
scoring_elements 0.78609
published_at 2026-04-08T12:55:00Z
5
value 0.01164
scoring_system epss
scoring_elements 0.78616
published_at 2026-04-09T12:55:00Z
6
value 0.01164
scoring_system epss
scoring_elements 0.7864
published_at 2026-04-11T12:55:00Z
7
value 0.01164
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-12T12:55:00Z
8
value 0.01164
scoring_system epss
scoring_elements 0.78614
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
reference_id 1105886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
reference_id 2366703
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
11
reference_url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
reference_id GHSA-7cx3-6m66-7c5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
12
reference_url https://access.redhat.com/errata/RHSA-2025:8135
reference_id RHSA-2025:8135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8135
13
reference_url https://access.redhat.com/errata/RHSA-2025:8136
reference_id RHSA-2025:8136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8136
14
reference_url https://access.redhat.com/errata/RHSA-2025:8223
reference_id RHSA-2025:8223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8223
15
reference_url https://access.redhat.com/errata/RHSA-2025:8226
reference_id RHSA-2025:8226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8226
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
18
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
19
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
20
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
21
reference_url https://access.redhat.com/errata/RHSA-2025:8664
reference_id RHSA-2025:8664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8664
22
reference_url https://usn.ubuntu.com/7547-1/
reference_id USN-7547-1
reference_type
scores
url https://usn.ubuntu.com/7547-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
aliases CVE-2025-47287, GHSA-7cx3-6m66-7c5m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62bx-a5uf-j3b4
3
url VCID-6knn-nt2y-1uem
vulnerability_id VCID-6knn-nt2y-1uem
summary Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28370
reference_id
reference_type
scores
0
value 0.00528
scoring_system epss
scoring_elements 0.67193
published_at 2026-04-16T12:55:00Z
1
value 0.00528
scoring_system epss
scoring_elements 0.67157
published_at 2026-04-13T12:55:00Z
2
value 0.00528
scoring_system epss
scoring_elements 0.67187
published_at 2026-04-12T12:55:00Z
3
value 0.00528
scoring_system epss
scoring_elements 0.67201
published_at 2026-04-11T12:55:00Z
4
value 0.00528
scoring_system epss
scoring_elements 0.67182
published_at 2026-04-09T12:55:00Z
5
value 0.00528
scoring_system epss
scoring_elements 0.67169
published_at 2026-04-08T12:55:00Z
6
value 0.00528
scoring_system epss
scoring_elements 0.67121
published_at 2026-04-02T12:55:00Z
7
value 0.00528
scoring_system epss
scoring_elements 0.67119
published_at 2026-04-07T12:55:00Z
8
value 0.00528
scoring_system epss
scoring_elements 0.67144
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28370
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
5
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
6
reference_url https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
7
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
8
reference_url https://jvn.jp/en/jp/JVN45127776
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN45127776
9
reference_url https://jvn.jp/en/jp/JVN45127776/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/
url https://jvn.jp/en/jp/JVN45127776/
10
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875
reference_id 1036875
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2210199
reference_id 2210199
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2210199
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28370
reference_id CVE-2023-28370
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28370
14
reference_url https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
reference_id GHSA-hj3f-6gcp-jg8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
15
reference_url https://access.redhat.com/errata/RHSA-2023:6523
reference_id RHSA-2023:6523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6523
16
reference_url https://usn.ubuntu.com/6159-1/
reference_id USN-6159-1
reference_type
scores
url https://usn.ubuntu.com/6159-1/
17
reference_url https://usn.ubuntu.com/7150-1/
reference_id USN-7150-1
reference_type
scores
url https://usn.ubuntu.com/7150-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
aliases CVE-2023-28370, GHSA-hj3f-6gcp-jg8j, PYSEC-2023-75
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6knn-nt2y-1uem
4
url VCID-be89-uuxa-fyb5
vulnerability_id VCID-be89-uuxa-fyb5
summary
Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. 

Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08464
published_at 2026-04-08T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08476
published_at 2026-04-11T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08482
published_at 2026-04-09T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08392
published_at 2026-04-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08472
published_at 2026-04-04T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08419
published_at 2026-04-02T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.0929
published_at 2026-04-13T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09304
published_at 2026-04-12T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09182
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
6
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:55:43Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
8
reference_url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
reference_id 1130507
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
reference_id 2446765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
12
reference_url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
reference_id GHSA-qjxf-f2mg-c6mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
13
reference_url https://access.redhat.com/errata/RHSA-2026:8093
reference_id RHSA-2026:8093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8093
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
1
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
2
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
3
url pkg:deb/debian/python-tornado@6.5.5-1
purl pkg:deb/debian/python-tornado@6.5.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1
aliases CVE-2026-31958, GHSA-qjxf-f2mg-c6mc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be89-uuxa-fyb5
5
url VCID-g13r-ansu-27av
vulnerability_id VCID-g13r-ansu-27av
summary tornado: Tornado Header Injection and XSS via reason argument
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67724.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67724
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.1836
published_at 2026-04-02T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18415
published_at 2026-04-04T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18119
published_at 2026-04-07T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18204
published_at 2026-04-08T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18258
published_at 2026-04-09T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.1826
published_at 2026-04-11T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18213
published_at 2026-04-12T12:55:00Z
7
value 0.00078
scoring_system epss
scoring_elements 0.23204
published_at 2026-04-16T12:55:00Z
8
value 0.00078
scoring_system epss
scoring_elements 0.23188
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67724
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67724
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122660
reference_id 1122660
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122660
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421719
reference_id 2421719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421719
6
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
1
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
2
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
3
url pkg:deb/debian/python-tornado@6.5.4-1
purl pkg:deb/debian/python-tornado@6.5.4-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1
aliases CVE-2025-67724
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g13r-ansu-27av
6
url VCID-nq24-395d-wuar
vulnerability_id VCID-nq24-395d-wuar
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35536
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11065
published_at 2026-04-04T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.10888
published_at 2026-04-07T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.10964
published_at 2026-04-08T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15021
published_at 2026-04-09T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15806
published_at 2026-04-13T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15728
published_at 2026-04-16T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15874
published_at 2026-04-12T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15913
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35536
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367
reference_id 1132367
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454716
reference_id 2454716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454716
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35536
reference_id CVE-2026-35536
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35536
10
reference_url https://github.com/advisories/GHSA-fqwm-6jpj-5wxc
reference_id GHSA-fqwm-6jpj-5wxc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqwm-6jpj-5wxc
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
1
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
2
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
aliases CVE-2026-35536, GHSA-fqwm-6jpj-5wxc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq24-395d-wuar
7
url VCID-y1z8-z2f1-mqg7
vulnerability_id VCID-y1z8-z2f1-mqg7
summary tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67726.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67726.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67726
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30824
published_at 2026-04-02T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30739
published_at 2026-04-12T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30783
published_at 2026-04-11T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.3078
published_at 2026-04-09T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30748
published_at 2026-04-08T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30872
published_at 2026-04-04T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-07T12:55:00Z
7
value 0.00124
scoring_system epss
scoring_elements 0.31634
published_at 2026-04-16T12:55:00Z
8
value 0.00124
scoring_system epss
scoring_elements 0.31601
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67726
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67726
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67726
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122663
reference_id 1122663
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122663
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421733
reference_id 2421733
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421733
6
reference_url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_id 771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
reference_id GHSA-jhmp-mqwm-3gq8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
8
reference_url https://access.redhat.com/errata/RHSA-2026:0930
reference_id RHSA-2026:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0930
9
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
10
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
11
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
12
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
13
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
14
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
15
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
16
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
reference_id v6.5.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
fixed_packages
0
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2
1
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4
2
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2
aliases CVE-2025-67726
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1z8-z2f1-mqg7
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2