Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi tornado Security Advisories

Moderate

GSA_kwCzR0hTQS1xcHB2LWo3NmgtMnJweM4AA1Sz

Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago

Moderate

GSA_kwCzR0hTQS1oajNmLTZnY3Atamc4as4AAzeO

Open redirect in Tornado
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS04dnB3LW1ncGYtbXB2ds4AAgVX

Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 2 years ago

Statistics

Advisories: 17,626
Packages: 8,159
Repositories: 1
Ecosystems: 12

Filter by Severity

Moderate 7,535 High 6,145 Critical 2,701 Low 963

Filter by Ecosystem

maven 5,504 pypi 3,538 npm 3,526 packagist 3,259 go 1,836 nuget 1,388 rubygems 812 cargo 772 swift 31 hex 29 actions 16 pub 8

Filter by Package

tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 apache-superset 48 plone 42 rdiffweb 42 Pillow 41 salt 38 Plone 36 matrix-synapse 34 vyper 32 opencv-contrib-python 30 opencv-python 30 mlflow 30 Django 21 langchain 18 PaddlePaddle 17 cobbler 17 cryptography 15 pillow 15 notebook 15 paddlepaddle 15 gradio 14 modoboa 14 pyload-ng 13 pyftpdlib 13 nova 13 keystone 12 OctoPrint 12 vantage6 12 neutron 12 twisted 11 calibreweb 11 urllib3 11 onionshare-cli 11 glance 11 Flask-AppBuilder 10 aiohttp 10 kiwitcms 9 waitress 9 zope 9 wagtail 9 Zope 9 moin 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ethyca-fides 9 aubio 8 numpy 8 label-studio 8 pysaml2 7 scrapy 7 lief 7 pip 7 python-keystoneclient 7 matrix-sydent 7 nautobot 7 swift 7 jupyter-server 7 pgadmin4 6 lxml 6 tuf 6 mailman 6 apache-airflow-providers-apache-hive 6 graphite-web 6 mindsdb 6 Zope2 6 sentry 6 web2py 6 ipython 6 inventree 6 requests 5 bleach 5 paramiko 5 lmdb 5 Products.CMFPlone 5 pyspark 5 whoogle-search 5 python-gnupg 5 roundup 5 saleor 5 horizon 5 trytond 5 ckan 5 feedparser 5 omero-web 4 bottle 4 nvflare 4 httpie 4 FreeTAKServer-UI 4 Flask-Security-Too 4 datasette 4 ansible-core 4 transformers 4 nltk 4 Jinja2 4 markdown2 4 oauthenticator 4 yt-dlp 4 reportlab 4 starlette 4 werkzeug 4 grpc 4 grpcio 4 Pygments 4 buildbot 4 esphome 4 PyPDF2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 GitPython 4 pretix 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 qutebrowser 4 keylime 4 jupyterhub 4 aim 3 io.grpc:grpc-protobuf 3 Products.PluggableAuthService 3 apache-libcloud 3 indy-node 3 tripleo-heat-templates 3 barbican 3 sanic 3 tornado 3 onnx 3 pyarrow 3 asyncssh 3 ray 3 zenml 3 flask 3 rsa 3 apache-iotdb 3 pyyaml 3 django-helpdesk 3 sqlparse 3 ujson 3 ansible-runner 3 fava 3 pandasai 3 Weblate 3 mayan-edms 3 asyncua 3 jwcrypto 3 pywasm3 3 mitmproxy 3 Werkzeug 3 cinder 3 copyparty 3 localstack 3 apache-airflow-providers-apache-spark 3 mistune 3 ecdsa 3 Keystone 3 poetry 3 quokka 3 plone.app.event 3 plone.app.theming 3 openvpn-monitor 3 gerapy 3 wger 3 indico 3 sickrage 3 keyring 3 torchserve 3 slixmpp 3 ryu 3 bitlyshortener 3 jupyterlab 3 clearml 3 docassemble.webapp 3 streamlit 3 protobuf 3 plone.supermodel 3 plone.app.dexterity 3 mercurial 2 openapi-python-client 2 dtale 2 uvicorn 2 tlslite-ng 2 pyopenssl 2 flaskcode 2 wasm3 2 in-toto 2 tripleo-ansible 2 scancodeio 2 aws-encryption-sdk 2 apache-airflow-providers-apache-drill 2 snowflake-connector-python 2 aiohttp-session 2 keystonemiddleware 2 pyxdg 2 DIRAC 2 zope2 2 python-cjson 2 Products.CMFCore 2 mako 2

Filter by Repository

https://github.com/tornadoweb/tornado 3