The article does a nice job explaining what each of the applications/services does. This is the list of disclosed vulnerabilities from the report.
Reported vulnerabilities:
- TOR-02-002 WP1: TagTor Flask lacks CSRF token system allowing post requests to be done without validating origin
- TOR-02-006 WP2: Margot command line tool doesn’t sanitize input allowing DOS via invalid input
- TOR-02-007 WP2: Margot tool creates false positives and negatives causing false sense of security
- TOR-02-008 WP2: Margot tool contains sensitive system info such as flow and paths in error messages
- TOR-02-009 WP1: TagTor allows DOS due to no ceiling on endpoint limit parameters for authenticated users
- TOR-02-015 WP1: TagTor allows DOS due to inefficient tag storage.



