Although generally safe, Tor has known vulnerabilities
Tor vulnerabilities include the following:

The final Tor exit node could be exposed.

The exit node is the last node to handle the Tor data before it reaches its final destination. The data on the exit node is completely decrypted. Unless the traffic is via an HTTPS connection, the information is exposed to the operator running the exit node. (See below.)

Tor can be defeated through confirmation attacks.

Powerful entities like the NSA as well as unfriendly foreign governments can compromise Tor user anonymity. Using powerful and relentless surveillance techniques, Tor attacks correlate user transmissions between entry and exit nodes to determine use patterns, for example.

Tor nodes can be compromised along the path to the final exit.

Tor’s safety is based on the assumption that most of the Tor volunteers are honest and do not spy on the traffic. Tor forensic investigators, however, have found exit nodes that actively interfere with users’ traffic to perform man-in-the-middle attacks.

A study by Guevara Noubir at Northeastern University also highlights some sinister and sophisticated infiltration techniques by Tor hackers. User detection ranged from automated probing to dangerous SQL injection into databases to steal system login data.

Windows digital files are vulnerable.

Downloading and opening Windows DRM copyrighted digital files can compromise the identity of Tor Browser users. Setting up a so-called deanonymization attack requires resources typically within the means of government and law enforcement agencies. The user opens the DRM file and downloads the code to decloak Tor Browser user location and identification.