Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-27x3-ch78-8ueh tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725
VCID-be89-uuxa-fyb5 Tornado is vulnerable to DoS due to too many multipart parts In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application. CVE-2026-31958
GHSA-qjxf-f2mg-c6mc
VCID-g13r-ansu-27av tornado: Tornado Header Injection and XSS via reason argument CVE-2025-67724
VCID-nq24-395d-wuar CVE-2026-35536
GHSA-fqwm-6jpj-5wxc
VCID-y1z8-z2f1-mqg7 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:13:59.240811+00:00 Debian Importer Fixing VCID-27x3-ch78-8ueh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:54:56.880127+00:00 Debian Importer Fixing VCID-y1z8-z2f1-mqg7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:02:45.168594+00:00 Debian Importer Fixing VCID-nq24-395d-wuar https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:43:48.715221+00:00 Debian Importer Fixing VCID-be89-uuxa-fyb5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:38:23.762708+00:00 Debian Importer Fixing VCID-g13r-ansu-27av https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T06:52:50.646810+00:00 Debian Importer Fixing VCID-27x3-ch78-8ueh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:38:08.470867+00:00 Debian Importer Fixing VCID-y1z8-z2f1-mqg7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:03:52.550675+00:00 Debian Importer Fixing VCID-nq24-395d-wuar https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:51:55.897686+00:00 Debian Importer Fixing VCID-be89-uuxa-fyb5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:48:33.409235+00:00 Debian Importer Fixing VCID-g13r-ansu-27av https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-08T18:34:31.676467+00:00 Debian Importer Fixing VCID-27x3-ch78-8ueh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:24:42.322974+00:00 Debian Importer Fixing VCID-y1z8-z2f1-mqg7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-07T06:07:12.654106+00:00 Debian Importer Fixing VCID-nq24-395d-wuar https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-07T05:52:39.944523+00:00 Debian Importer Fixing VCID-be89-uuxa-fyb5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-07T05:48:45.974507+00:00 Debian Importer Fixing VCID-g13r-ansu-27av https://security-tracker.debian.org/tracker/data/json 38.1.0