CVE Tools

the tor project, inc.

Security ProductsUSoss-project

3

Cumulative CVEs

1

Monthly snapshots

#177

Peak rank

Top products

Latest CVEs

The 12 most recently published vulnerabilities affecting the tor project, inc..

BDU:2025-13227Уязвимость механизмов рендеринга Blink и WebKit браузеров на основе Chromium и Safari, позволяющая нарушителю вызвать отказ в обслуживании браузера5.4Oct 22, 2025
CVE-2022-33903Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.7.5Jul 17, 2022
CVE-2021-34550An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descri...7.5Jun 29, 2021
CVE-2021-34549An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen c...7.5Jun 29, 2021
CVE-2021-34548An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.7.5Jun 29, 2021
CVE-2021-28090Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.5.3Mar 19, 2021
CVE-2021-28089Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.7.5Mar 19, 2021
CVE-2020-10592Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.7.5Mar 23, 2020
CVE-2019-13075Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that langua...5.3Jun 30, 2019
CVE-2017-16541Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages...6.5Nov 4, 2017
CVE-2017-11565debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incor...7.5Jul 23, 2017
CVE-2014-5117Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confi...5.8Jul 30, 2014