CVE security advisories and vulnerability history for tor by torproject.
Last updated
torproject tor has 41 published CVE records since 2012, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 4 have a known public exploit. The average CVSS base score across scored CVEs is 4.8.
This page aggregates every publicly disclosed vulnerability (CVE) affecting torproject tor, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
How the CVSS severity of torproject tor's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
33 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
1
One of torproject tor's CVEs is confirmed exploited in the wild.
Public exploits
4
4 of torproject tor's CVEs have a known public exploit available.
Browse every torproject tor version named in a CVE, then pick one to see only the CVEs that affect it.
41 CVEs
Added to CISA KEV 2023-06-22
Showing 30 of 41
The CWE weakness categories most often found in torproject tor CVEs. Follow any weakness for its full explanation.
How many torproject tor CVEs were published each year.
Browse vulnerabilities for other products by torproject.
Common questions about torproject tor vulnerabilities.
torproject tor has 41 published CVE records since 2012.
Yes — 1 of torproject tor's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
Yes — 4 of torproject tor's CVEs have a known public exploit.
449 distinct torproject tor versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
torproject tor's CVEs most often map to these CWE weakness types: CWE-193 (Off-by-one Error), CWE-416 (Use After Free), CWE-476 (NULL Pointer Dereference), CWE-669 (Incorrect Resource Transfer Between Spheres).
torproject tor has 1 critical and 0 high-severity CVEs.
The average CVSS base score across torproject tor's scored CVEs is 4.8.
Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.
Monitor new torproject tor vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.
