Browse all 8 CVE security advisories affecting tornadoweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tornadoweb is a Python web framework designed for building scalable real-time applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with eight CVEs documented. The framework's asynchronous architecture has introduced unique security challenges, particularly in input validation and session management. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in earlier versions highlights the importance of regular updates and secure coding practices. Developers implementing Tornadoweb should prioritize input sanitization and proper access controls to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35536 | Tornado 安全漏洞 — TornadoCWE-159 | 7.2 | High | 2026-04-03 |
| CVE-2026-31958 | Tornado has a DoS due to too many multipart parts — tornadoCWE-400 | 6.5AI | MediumAI | 2026-03-11 |
| CVE-2025-67726 | Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters — tornadoCWE-834 | 7.5 | High | 2025-12-12 |
| CVE-2025-67725 | Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing — tornadoCWE-400 | 7.5 | High | 2025-12-12 |
| CVE-2025-67724 | Tornado vulnerable to Header Injection and XSS via reason argument — tornadoCWE-79 | 5.4 | Medium | 2025-12-12 |
| CVE-2025-47287 | Tornado vulnerable to excessive logging caused by malformed multipart form data — tornadoCWE-770 | 7.5 | High | 2025-05-15 |
| CVE-2024-52804 | Tornado has HTTP cookie parsing DoS vulnerability — tornadoCWE-400 | 7.5 | High | 2024-11-22 |
| CVE-2023-28370 | Tornado 输入验证错误漏洞 — Tornado | 6.1 | - | 2023-05-25 |
This page lists every published CVE security advisory associated with tornadoweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.