Live data from GitHub and PyPI, updated daily.
Data last fetched: 2026-06-29
10 active CVEs reported via OSV.dev
Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Tornado has incomplete validation of cookie attributes
Tornado vulnerable to excessive logging caused by malformed multipart form data
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
Tornado has an HTTP cookie parsing DoS vulnerability
Tornado has out-of-bounds memory access via C extension
Tornado CRLF injection vulnerability
Tornado has cookie attribute injection via .RequestHandler.set_cookie
Open redirect in Tornado
Other Web Framework projects in the Python ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Tornado — without relying on volunteer maintainers.