Dependabot Sweep: tornado
Ecosystem: pip
Highest severity: high
Total alerts: 2
Advisories
HIGH: Tornado vulnerable to excessive logging caused by malformed multipart form data
HIGH: Tornado has an HTTP cookie parsing DoS vulnerability
Raw data
{
"package": "tornado",
"ecosystem": "pip",
"advisories": [
{
"ghsa_id": "GHSA-7cx3-6m66-7c5m",
"cve_id": "CVE-2025-47287",
"severity": "high",
"summary": "Tornado vulnerable to excessive logging caused by malformed multipart form data",
"vulnerable_range": "< 6.5",
"patched_version": "6.5",
"alert_numbers": [
53
],
"manifest_paths": [
"uv.lock"
]
},
{
"ghsa_id": "GHSA-8w49-h785-mj3c",
"cve_id": "CVE-2024-52804",
"severity": "high",
"summary": "Tornado has an HTTP cookie parsing DoS vulnerability",
"vulnerable_range": "<= 6.4.1",
"patched_version": "6.4.2",
"alert_numbers": [
49
],
"manifest_paths": [
"uv.lock"
]
}
],
"all_manifest_paths": [
"uv.lock"
],
"max_severity": "high",
"alert_count": 2
}
Dependabot Sweep:
tornadoEcosystem: pip
Highest severity: high
Total alerts: 2
Advisories
HIGH: Tornado vulnerable to excessive logging caused by malformed multipart form data
uv.lockHIGH: Tornado has an HTTP cookie parsing DoS vulnerability
uv.lockRaw data
{ "package": "tornado", "ecosystem": "pip", "advisories": [ { "ghsa_id": "GHSA-7cx3-6m66-7c5m", "cve_id": "CVE-2025-47287", "severity": "high", "summary": "Tornado vulnerable to excessive logging caused by malformed multipart form data", "vulnerable_range": "< 6.5", "patched_version": "6.5", "alert_numbers": [ 53 ], "manifest_paths": [ "uv.lock" ] }, { "ghsa_id": "GHSA-8w49-h785-mj3c", "cve_id": "CVE-2024-52804", "severity": "high", "summary": "Tornado has an HTTP cookie parsing DoS vulnerability", "vulnerable_range": "<= 6.4.1", "patched_version": "6.4.2", "alert_numbers": [ 49 ], "manifest_paths": [ "uv.lock" ] } ], "all_manifest_paths": [ "uv.lock" ], "max_severity": "high", "alert_count": 2 }