Tor
This hub aggregates every CVE we track for Tor, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systems, on-prem
- CVEs tracked: 106
- Critical: 4
- High: 30
- In CISA KEV: 1
Severity distribution
MEDIUM 63, HIGH 30, LOW 9, CRITICAL 4
Monthly trend (chart, 2024-08 to 2026-07)
Latest CVEs
The 15 most recently published vulnerabilities affecting Tor.
- CVE-2026-44603: Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. Score: 3.7
- CVE-2026-44602: Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. Score: 3.7
- CVE-2026-44601: Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. Score: 3.7
- CVE-2026-44600: Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. Score: 3.7
- CVE-2026-44599: Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. Score: 3.7
- CVE-2026-44597: Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. Score: 3.7
- BDU:2025-13227: A vulnerability in the Blink and WebKit rendering engines of Chromium-based browsers and Safari that allows an attacker to cause a denial of service of the browser. Score: 5.4
- CVE-2023-23589: The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Score: 6.5
- CVE-2022-33903: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. Score: 7.5
- CVE-2021-46702: Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the o... Score: 5.5
- CVE-2021-38385: Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-... Score: 7.5
- CVE-2021-34550: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descri... Score: 7.5
- CVE-2021-34549: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen c... Score: 7.5
- CVE-2021-34548: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. Score: 7.5
- CVE-2021-28090: Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Score: 5.3
Product normalization is registry-driven with AI assist and human review.