Torproject
Products by Torproject Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 6 vulnerabilities in Torproject with an average score of 3.7 out of ten. Last year, in 2025, Torproject had 1 security vulnerability published. That is, 5 more vulnerabilities have already been reported in 2026 than in all of last year. The average vulnerability score for 2026 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 3.70 |
| 2025 | 1 | 3.70 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.50 |
| 2022 | 1 | 7.50 |
| 2021 | 6 | 7.13 |
| 2020 | 4 | 7.50 |
| 2019 | 3 | 0.00 |
| 2018 | 3 | 8.27 |
It may take a day or so for new Torproject vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Torproject Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-44603 | May 07, 2026 | Tor before 0.4.9.7 OOB Read via Malformed BEGIN Cell: Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. | |
| CVE-2026-44602 | May 07, 2026 | Tor <0.4.9.7 NULL Pointer Deref on CERT cell out-of-order: Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. | |
| CVE-2026-44601 | May 07, 2026 | Tor 0.4.9.x DoubleClose Client Crash due to Circuit Queue Pressure: Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. | |
| CVE-2026-44600 | May 07, 2026 | Tor 0.4.9.6 Conflux Queue Accounting Flaw: Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. | |
| CVE-2026-44599 | May 07, 2026 | Tor <=0.4.9.6 BEGIN_DIR Conflux Legs Vulnerability (CVE-2026-44599): Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. | |
| CVE-2026-44597 | May 07, 2026 | Tor <0.4.9.7 OOB Read on END/TRUNCATE cells lacking reason (TROVE-2026-011): Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. | |
| CVE-2025-4444 | Sep 18, 2025 | Tor v0.4.8.17 Onion Service Descriptor Handler Resource Exhaustion: A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component. | |
| CVE-2023-23589 | Jan 14, 2023 | Logic Error in Tor SafeSocks Enables Unsafe SOCKS4 <0.4.7.13: The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | |
| CVE-2022-33903 | Jul 17, 2022 | Tor 0.4.7.x before 0.4.7.8: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | |
| CVE-2021-38385 | Aug 30, 2021 | Tor before 0.3.5.16: Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | |