Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
Typedeb
Namespacedebian
Namepython-tornado
Version6.5.4-1
Qualifiers
distro trixie
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.5.5-1
Latest_non_vulnerable_version6.5.5-1
Affected_by_vulnerabilities
0
url VCID-be89-uuxa-fyb5
vulnerability_id VCID-be89-uuxa-fyb5
summary 
Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. 

Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08476
published_at 2026-04-11T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08482
published_at 2026-04-09T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08464
published_at 2026-04-08T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08392
published_at 2026-04-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08472
published_at 2026-04-04T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08419
published_at 2026-04-02T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.0929
published_at 2026-04-13T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09304
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
6
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:55:43Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
8
reference_url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
reference_id 1130507
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
reference_id 2446765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
12
reference_url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
reference_id GHSA-qjxf-f2mg-c6mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
fixed_packages
0
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2026-31958, GHSA-qjxf-f2mg-c6mc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be89-uuxa-fyb5
1
url VCID-nq24-395d-wuar
vulnerability_id VCID-nq24-395d-wuar
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35536
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.10888
published_at 2026-04-07T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11065
published_at 2026-04-04T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.10964
published_at 2026-04-08T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15021
published_at 2026-04-09T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15874
published_at 2026-04-12T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15806
published_at 2026-04-13T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15913
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35536
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367
reference_id 1132367
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454716
reference_id 2454716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454716
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35536
reference_id CVE-2026-35536
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35536
10
reference_url https://github.com/advisories/GHSA-fqwm-6jpj-5wxc
reference_id GHSA-fqwm-6jpj-5wxc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqwm-6jpj-5wxc
fixed_packages
0
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2026-35536, GHSA-fqwm-6jpj-5wxc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq24-395d-wuar
Fixing_vulnerabilities
0
url VCID-1mw1-384y-huc7
vulnerability_id VCID-1mw1-384y-huc7
summary 
Uncontrolled Resource Consumption
Algorithmic complexity vulnerability in the `ssl.match_hostname` function and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
references
0
reference_url http://bugs.python.org/issue17980
reference_id
reference_type
scores
url http://bugs.python.org/issue17980
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2099
reference_id
reference_type
scores
0
value 0.05238
scoring_system epss
scoring_elements 0.89926
published_at 2026-04-01T12:55:00Z
1
value 0.05238
scoring_system epss
scoring_elements 0.89929
published_at 2026-04-02T12:55:00Z
2
value 0.05238
scoring_system epss
scoring_elements 0.89942
published_at 2026-04-04T12:55:00Z
3
value 0.05238
scoring_system epss
scoring_elements 0.89948
published_at 2026-04-07T12:55:00Z
4
value 0.05238
scoring_system epss
scoring_elements 0.89964
published_at 2026-04-08T12:55:00Z
5
value 0.05238
scoring_system epss
scoring_elements 0.8997
published_at 2026-04-09T12:55:00Z
6
value 0.05238
scoring_system epss
scoring_elements 0.89978
published_at 2026-04-11T12:55:00Z
7
value 0.05238
scoring_system epss
scoring_elements 0.89976
published_at 2026-04-12T12:55:00Z
8
value 0.05238
scoring_system epss
scoring_elements 0.89969
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2099
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066
reference_id 709066
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067
reference_id 709067
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
reference_id 709068
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069
reference_id 709069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070
reference_id 709070
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=963260
reference_id 963260
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=963260
11
reference_url https://security.gentoo.org/glsa/201401-04
reference_id GLSA-201401-04
reference_type
scores
url https://security.gentoo.org/glsa/201401-04
12
reference_url https://access.redhat.com/errata/RHSA-2014:1263
reference_id RHSA-2014:1263
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1263
13
reference_url https://access.redhat.com/errata/RHSA-2014:1690
reference_id RHSA-2014:1690
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1690
14
reference_url https://access.redhat.com/errata/RHSA-2015:0042
reference_id RHSA-2015:0042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0042
15
reference_url https://access.redhat.com/errata/RHSA-2016:1166
reference_id RHSA-2016:1166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1166
16
reference_url https://usn.ubuntu.com/1983-1/
reference_id USN-1983-1
reference_type
scores
url https://usn.ubuntu.com/1983-1/
17
reference_url https://usn.ubuntu.com/1984-1/
reference_id USN-1984-1
reference_type
scores
url https://usn.ubuntu.com/1984-1/
18
reference_url https://usn.ubuntu.com/1985-1/
reference_id USN-1985-1
reference_type
scores
url https://usn.ubuntu.com/1985-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@2.4.1-3?distro=trixie
purl pkg:deb/debian/python-tornado@2.4.1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@2.4.1-3%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2013-2099
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mw1-384y-huc7
1
url VCID-27x3-ch78-8ueh
vulnerability_id VCID-27x3-ch78-8ueh
summary tornado: Tornado Quadratic DoS via Repeated Header Coalescing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67725.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67725
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53677
published_at 2026-04-07T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53708
published_at 2026-04-04T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53759
published_at 2026-04-12T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53776
published_at 2026-04-11T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.53727
published_at 2026-04-09T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.53729
published_at 2026-04-08T12:55:00Z
6
value 0.00312
scoring_system epss
scoring_elements 0.5429
published_at 2026-04-02T12:55:00Z
7
value 0.00405
scoring_system epss
scoring_elements 0.60989
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67725
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67725
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67725
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122661
reference_id 1122661
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122661
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421722
reference_id 2421722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421722
6
reference_url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_id 771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
reference_id GHSA-c98p-7wgm-6p64
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
8
reference_url https://access.redhat.com/errata/RHSA-2026:0930
reference_id RHSA-2026:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0930
9
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
10
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
11
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
12
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
13
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
14
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
15
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
16
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
reference_id v6.5.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:50:52Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.4-0.1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-0.1%3Fdistro=trixie
7
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
8
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2025-67725
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27x3-ch78-8ueh
2
url VCID-3y8v-vsd8-ubba
vulnerability_id VCID-3y8v-vsd8-ubba
summary 
Tornado has an HTTP cookie parsing DoS vulnerability
The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-13T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30737
published_at 2026-04-12T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30781
published_at 2026-04-11T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30778
published_at 2026-04-09T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30746
published_at 2026-04-08T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30688
published_at 2026-04-07T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30869
published_at 2026-04-04T12:55:00Z
7
value 0.00118
scoring_system epss
scoring_elements 0.3082
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
7
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
reference_id 1088112
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
reference_id 2328045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
11
reference_url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
reference_id GHSA-7pwv-g7hj-39pr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
12
reference_url https://github.com/advisories/GHSA-8w49-h785-mj3c
reference_id GHSA-8w49-h785-mj3c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w49-h785-mj3c
13
reference_url https://access.redhat.com/errata/RHSA-2024:10590
reference_id RHSA-2024:10590
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10590
14
reference_url https://access.redhat.com/errata/RHSA-2024:10836
reference_id RHSA-2024:10836
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10836
15
reference_url https://access.redhat.com/errata/RHSA-2024:10843
reference_id RHSA-2024:10843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10843
16
reference_url https://access.redhat.com/errata/RHSA-2025:2470
reference_id RHSA-2025:2470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2470
17
reference_url https://access.redhat.com/errata/RHSA-2025:2471
reference_id RHSA-2025:2471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2471
18
reference_url https://access.redhat.com/errata/RHSA-2025:2550
reference_id RHSA-2025:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2550
19
reference_url https://access.redhat.com/errata/RHSA-2025:2872
reference_id RHSA-2025:2872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2872
20
reference_url https://access.redhat.com/errata/RHSA-2025:2955
reference_id RHSA-2025:2955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2955
21
reference_url https://access.redhat.com/errata/RHSA-2025:2956
reference_id RHSA-2025:2956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2956
22
reference_url https://access.redhat.com/errata/RHSA-2025:3108
reference_id RHSA-2025:3108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3108
23
reference_url https://access.redhat.com/errata/RHSA-2025:3109
reference_id RHSA-2025:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3109
24
reference_url https://usn.ubuntu.com/7150-1/
reference_id USN-7150-1
reference_type
scores
url https://usn.ubuntu.com/7150-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.4.2-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-1%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
7
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2024-52804, GHSA-8w49-h785-mj3c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y8v-vsd8-ubba
3
url VCID-62bx-a5uf-j3b4
vulnerability_id VCID-62bx-a5uf-j3b4
summary 
Tornado vulnerable to excessive logging caused by malformed multipart form data
### Summary

When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

### Affected versions

All versions of Tornado prior to 6.5 are affected. The vulnerable parser is enabled by default.

### Solution

Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
reference_id
reference_type
scores
0
value 0.01164
scoring_system epss
scoring_elements 0.78614
published_at 2026-04-13T12:55:00Z
1
value 0.01164
scoring_system epss
scoring_elements 0.78571
published_at 2026-04-02T12:55:00Z
2
value 0.01164
scoring_system epss
scoring_elements 0.78603
published_at 2026-04-04T12:55:00Z
3
value 0.01164
scoring_system epss
scoring_elements 0.78584
published_at 2026-04-07T12:55:00Z
4
value 0.01164
scoring_system epss
scoring_elements 0.78609
published_at 2026-04-08T12:55:00Z
5
value 0.01164
scoring_system epss
scoring_elements 0.78616
published_at 2026-04-09T12:55:00Z
6
value 0.01164
scoring_system epss
scoring_elements 0.7864
published_at 2026-04-11T12:55:00Z
7
value 0.01164
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
reference_id 1105886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
reference_id 2366703
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
11
reference_url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
reference_id GHSA-7cx3-6m66-7c5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
12
reference_url https://access.redhat.com/errata/RHSA-2025:8135
reference_id RHSA-2025:8135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8135
13
reference_url https://access.redhat.com/errata/RHSA-2025:8136
reference_id RHSA-2025:8136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8136
14
reference_url https://access.redhat.com/errata/RHSA-2025:8223
reference_id RHSA-2025:8223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8223
15
reference_url https://access.redhat.com/errata/RHSA-2025:8226
reference_id RHSA-2025:8226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8226
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
18
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
19
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
20
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
21
reference_url https://access.redhat.com/errata/RHSA-2025:8664
reference_id RHSA-2025:8664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8664
22
reference_url https://usn.ubuntu.com/7547-1/
reference_id USN-7547-1
reference_type
scores
url https://usn.ubuntu.com/7547-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.4.2-2?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-2%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2025-47287, GHSA-7cx3-6m66-7c5m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62bx-a5uf-j3b4
4
url VCID-6knn-nt2y-1uem
vulnerability_id VCID-6knn-nt2y-1uem
summary Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28370
reference_id
reference_type
scores
0
value 0.00528
scoring_system epss
scoring_elements 0.67157
published_at 2026-04-13T12:55:00Z
1
value 0.00528
scoring_system epss
scoring_elements 0.67187
published_at 2026-04-12T12:55:00Z
2
value 0.00528
scoring_system epss
scoring_elements 0.67201
published_at 2026-04-11T12:55:00Z
3
value 0.00528
scoring_system epss
scoring_elements 0.67182
published_at 2026-04-09T12:55:00Z
4
value 0.00528
scoring_system epss
scoring_elements 0.67169
published_at 2026-04-08T12:55:00Z
5
value 0.00528
scoring_system epss
scoring_elements 0.67119
published_at 2026-04-07T12:55:00Z
6
value 0.00528
scoring_system epss
scoring_elements 0.67144
published_at 2026-04-04T12:55:00Z
7
value 0.00528
scoring_system epss
scoring_elements 0.67121
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28370
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
5
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
6
reference_url https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
7
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
8
reference_url https://jvn.jp/en/jp/JVN45127776
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN45127776
9
reference_url https://jvn.jp/en/jp/JVN45127776/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/
url https://jvn.jp/en/jp/JVN45127776/
10
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875
reference_id 1036875
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2210199
reference_id 2210199
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2210199
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28370
reference_id CVE-2023-28370
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28370
14
reference_url https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
reference_id GHSA-hj3f-6gcp-jg8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
15
reference_url https://access.redhat.com/errata/RHSA-2023:6523
reference_id RHSA-2023:6523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6523
16
reference_url https://usn.ubuntu.com/6159-1/
reference_id USN-6159-1
reference_type
scores
url https://usn.ubuntu.com/6159-1/
17
reference_url https://usn.ubuntu.com/7150-1/
reference_id USN-7150-1
reference_type
scores
url https://usn.ubuntu.com/7150-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.3.2-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.3.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.3.2-1%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
7
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2023-28370, GHSA-hj3f-6gcp-jg8j, PYSEC-2023-75
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6knn-nt2y-1uem
5
url VCID-8kva-hv12-9ydc
vulnerability_id VCID-8kva-hv12-9ydc
summary Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
references
0
reference_url http://openwall.com/lists/oss-security/2015/05/19/4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/05/19/4
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9720.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9720.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9720
reference_id
reference_type
scores
0
value 0.00904
scoring_system epss
scoring_elements 0.75734
published_at 2026-04-11T12:55:00Z
1
value 0.00904
scoring_system epss
scoring_elements 0.7571
published_at 2026-04-09T12:55:00Z
2
value 0.00904
scoring_system epss
scoring_elements 0.75699
published_at 2026-04-08T12:55:00Z
3
value 0.00904
scoring_system epss
scoring_elements 0.75665
published_at 2026-04-07T12:55:00Z
4
value 0.00904
scoring_system epss
scoring_elements 0.75653
published_at 2026-04-01T12:55:00Z
5
value 0.00904
scoring_system epss
scoring_elements 0.75709
published_at 2026-04-13T12:55:00Z
6
value 0.00904
scoring_system epss
scoring_elements 0.75716
published_at 2026-04-12T12:55:00Z
7
value 0.00904
scoring_system epss
scoring_elements 0.75686
published_at 2026-04-04T12:55:00Z
8
value 0.00904
scoring_system epss
scoring_elements 0.75655
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9720
3
reference_url https://bugzilla.novell.com/show_bug.cgi?id=930362
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.novell.com/show_bug.cgi?id=930362
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1222816
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1222816
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9720
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2020-213.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2020-213.yaml
7
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
8
reference_url https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9720
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9720
10
reference_url http://www.tornadoweb.org/en/stable/releases/v3.2.2.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.tornadoweb.org/en/stable/releases/v3.2.2.html
11
reference_url https://github.com/advisories/GHSA-8vpw-mgpf-mpvv
reference_id GHSA-8vpw-mgpf-mpvv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vpw-mgpf-mpvv
fixed_packages
0
url pkg:deb/debian/python-tornado@3.2.2-1?distro=trixie
purl pkg:deb/debian/python-tornado@3.2.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@3.2.2-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2014-9720, GHSA-8vpw-mgpf-mpvv, PYSEC-2020-213
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kva-hv12-9ydc
6
url VCID-byy6-ku5b-ykew
vulnerability_id VCID-byy6-ku5b-ykew
summary CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
references
0
reference_url http://openwall.com/lists/oss-security/2012/05/18/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2012/05/18/12
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2374
reference_id
reference_type
scores
0
value 0.00329
scoring_system epss
scoring_elements 0.55909
published_at 2026-04-13T12:55:00Z
1
value 0.00329
scoring_system epss
scoring_elements 0.55772
published_at 2026-04-01T12:55:00Z
2
value 0.00329
scoring_system epss
scoring_elements 0.55884
published_at 2026-04-02T12:55:00Z
3
value 0.00329
scoring_system epss
scoring_elements 0.55906
published_at 2026-04-04T12:55:00Z
4
value 0.00329
scoring_system epss
scoring_elements 0.55885
published_at 2026-04-07T12:55:00Z
5
value 0.00329
scoring_system epss
scoring_elements 0.55935
published_at 2026-04-08T12:55:00Z
6
value 0.00329
scoring_system epss
scoring_elements 0.55938
published_at 2026-04-09T12:55:00Z
7
value 0.00329
scoring_system epss
scoring_elements 0.55947
published_at 2026-04-11T12:55:00Z
8
value 0.00329
scoring_system epss
scoring_elements 0.55927
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2374
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2374
3
reference_url http://secunia.com/advisories/49185
reference_id
reference_type
scores
url http://secunia.com/advisories/49185
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2012-5.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2012-5.yaml
5
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
6
reference_url https://github.com/tornadoweb/tornado/commit/1ae91f6d58e6257e0ab49d295d8741ce1727bdb7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/1ae91f6d58e6257e0ab49d295d8741ce1727bdb7
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2374
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2374
8
reference_url https://web.archive.org/web/20140720192646/http://secunia.com/advisories/49185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140720192646/http://secunia.com/advisories/49185
9
reference_url https://web.archive.org/web/20200229124524/http://www.securityfocus.com/bid/53612
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229124524/http://www.securityfocus.com/bid/53612
10
reference_url http://www.openwall.com/lists/oss-security/2012/05/18/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/05/18/6
11
reference_url http://www.securityfocus.com/bid/53612
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/53612
12
reference_url http://www.tornadoweb.org/documentation/releases/v2.2.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.tornadoweb.org/documentation/releases/v2.2.1.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673987
reference_id 673987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673987
14
reference_url https://github.com/advisories/GHSA-f7fv-v9rh-prvc
reference_id GHSA-f7fv-v9rh-prvc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7fv-v9rh-prvc
fixed_packages
0
url pkg:deb/debian/python-tornado@2.1.0-3?distro=trixie
purl pkg:deb/debian/python-tornado@2.1.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@2.1.0-3%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2012-2374, GHSA-f7fv-v9rh-prvc, PYSEC-2012-5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byy6-ku5b-ykew
7
url VCID-g13r-ansu-27av
vulnerability_id VCID-g13r-ansu-27av
summary tornado: Tornado Header Injection and XSS via reason argument
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67724.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67724
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.1836
published_at 2026-04-02T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18415
published_at 2026-04-04T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18119
published_at 2026-04-07T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18204
published_at 2026-04-08T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.1826
published_at 2026-04-11T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.18213
published_at 2026-04-12T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18258
published_at 2026-04-09T12:55:00Z
7
value 0.00078
scoring_system epss
scoring_elements 0.23188
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67724
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67724
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122660
reference_id 1122660
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122660
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421719
reference_id 2421719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421719
6
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.4-0.1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-0.1%3Fdistro=trixie
7
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
8
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2025-67724
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g13r-ansu-27av
8
url VCID-y1z8-z2f1-mqg7
vulnerability_id VCID-y1z8-z2f1-mqg7
summary tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67726.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67726.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67726
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30824
published_at 2026-04-02T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30739
published_at 2026-04-12T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30783
published_at 2026-04-11T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.3078
published_at 2026-04-09T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30748
published_at 2026-04-08T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30872
published_at 2026-04-04T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-07T12:55:00Z
7
value 0.00124
scoring_system epss
scoring_elements 0.31601
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67726
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67726
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67726
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122663
reference_id 1122663
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122663
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421733
reference_id 2421733
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421733
6
reference_url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_id 771472cfdaeebc0d89a9cc46e249f8891a6b29cd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
reference_id GHSA-jhmp-mqwm-3gq8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
8
reference_url https://access.redhat.com/errata/RHSA-2026:0930
reference_id RHSA-2026:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0930
9
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
10
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
11
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
12
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
13
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
14
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
15
reference_url https://usn.ubuntu.com/7950-1/
reference_id USN-7950-1
reference_type
scores
url https://usn.ubuntu.com/7950-1/
16
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
reference_id v6.5.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T18:47:53Z/
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.3
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.4-0.1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-0.1%3Fdistro=trixie
7
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
8
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2025-67726
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1z8-z2f1-mqg7
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie