redis — Vulnerabilities & Security Advisories (49)

Browse all 49 CVE security advisories affecting redis. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Redis functions primarily as an in-memory data structure store, utilized extensively for caching, database, and message broker applications. Its architecture, while optimized for high-performance read/write operations, has historically exposed it to significant security risks, particularly when deployed with default configurations. Common vulnerability classes include remote code execution (RCE) via the EVAL command, insecure configuration leading to unauthorized access, and privilege escalation through improper file system permissions. Notable incidents often stem from the lack of authentication by default or the exposure of the Redis port to untrusted networks, allowing attackers to write malicious SSH keys or deploy web shells. With 49 recorded CVEs, these flaws highlight the critical importance of network segmentation, enabling authentication, and restricting command access. Organizations must implement strict firewall rules and disable dangerous commands to mitigate these persistent threats effectively.

Top products by redis: redis, hiredis, go-redis
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution | redis | CWE-122 | 8.8 | - | 2026-05-05 |
| CVE-2026-23631 | redis-server Lua use-after-free may allow remote code execution | redis | CWE-416 | 8.8 | - | 2026-05-05 |
| CVE-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution | redis | CWE-416 | 8.8 | - | 2026-05-05 |
| CVE-2025-62507 | Redis: Bug in XACKDEL may lead to stack overflow and potential RCE | redis | CWE-20 | 8.8 (AI) | High (AI) | 2025-11-04 |
| CVE-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution | redis | CWE-416 | 10.0 | Critical | 2025-10-03 |
| CVE-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts | redis | CWE-190 | 6.3 | Medium | 2025-10-03 |
| CVE-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user | redis | CWE-94 | 6.0 | Medium | 2025-10-03 |
| CVE-2025-46817 | Lua library commands may lead to integer overflow and potential RCE | redis | CWE-190 | 7.0 | High | 2025-10-03 |
| CVE-2025-46686 | Redis security vulnerability | Redis | CWE-401 | 3.5 | Low | 2025-07-23 |
| CVE-2025-48367 | Redis DoS Vulnerability due to bad connection error handling | redis | CWE-770 | 7.5 | High | 2025-07-07 |
| CVE-2025-32023 | Redis allows out of bounds writes in hyperloglog commands leading to RCE | redis | CWE-680 | 7.0 | High | 2025-07-07 |
| CVE-2025-27151 | redis-check-aof may lead to stack overflow and potential RCE | redis | CWE-20 | 4.7 | Medium | 2025-05-29 |
| CVE-2025-21605 | Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client | redis | CWE-770 | 7.5 | High | 2025-04-23 |
| CVE-2025-29923 | go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment | go-redis | CWE-20 | 3.7 | Low | 2025-03-20 |
| CVE-2024-51741 | Redis allows denial-of-service due to malformed ACL selectors | redis | CWE-20 | 4.4 | Medium | 2025-01-06 |
| CVE-2024-46981 | Redis' Lua library commands may lead to remote code execution | redis | CWE-416 | 7.0 | High | 2025-01-06 |
| CVE-2024-31449 | Lua library commands may lead to stack overflow and RCE in Redis | redis | CWE-20 | 7.0 | High | 2024-10-07 |
| CVE-2024-31228 | Denial-of-service due to unbounded pattern matching in Redis | redis | CWE-674 | 5.5 | Medium | 2024-10-07 |
| CVE-2024-31227 | Denial-of-service due to malformed ACL selectors in Redis | redis | CWE-20 | 4.4 | Medium | 2024-10-07 |
| CVE-2023-41056 | Redis vulnerable to integer overflow in certain payloads | redis | CWE-762 | 8.1 | High | 2024-01-10 |
| CVE-2023-45145 | Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window. | redis | CWE-668 | 3.6 | Low | 2023-10-18 |
| CVE-2023-41053 | Redis SORT_RO may bypass ACL configuration | redis | CWE-269 | 3.3 | Low | 2023-09-06 |
| CVE-2022-24834 | Heap overflow issue with the Lua cjson library used by Redis | redis | CWE-122 | 7.0 | High | 2023-07-13 |
| CVE-2023-36824 | Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis | redis | CWE-122 | 7.4 | High | 2023-07-11 |
| CVE-2023-28856 | `HINCRBYFLOAT` can be used to crash a redis-server process | redis | CWE-617 | 5.5 | Medium | 2023-04-18 |
| CVE-2023-28425 | Specially crafted MSETNX command can lead to denial-of-service | redis | CWE-77 | 5.5 | Medium | 2023-03-20 |
| CVE-2023-25155 | Integer Overflow in several Redis commands can lead to denial of service. | redis | CWE-190 | 5.5 | Medium | 2023-03-02 |
| CVE-2022-36021 | Redis string pattern matching can be abused to achieve Denial of Service | redis | CWE-407 | 5.5 | Medium | 2023-03-01 |
| CVE-2022-35977 | Integer overflow in certain command arguments can drive Redis to OOM panic | redis | CWE-190 | 5.5 | Medium | 2023-01-20 |
| CVE-2023-22458 | Integer overflow in multiple Redis commands can lead to denial-of-service | redis | CWE-190 | 5.5 | Medium | 2023-01-20 |

This page lists every published CVE security advisory associated with redis. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.