Browse all 4 CVE security advisories affecting valkey-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Valkey-io serves as an open-source in-memory data store alternative to Redis, handling caching, session management, and real-time data processing. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure default configurations. While no major security incidents have been widely documented, the project maintains a moderate CVE count with four recorded vulnerabilities to date. Security characteristics include regular updates and community-driven patching, though users should remain vigilant about default settings and input sanitization when implementing the solution in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21864 | Remote DoS from malformed RESTORE command — valkey-bloomCWE-20 | 6.5 | Medium | 2026-02-24 |
This page lists every published CVE security advisory associated with valkey-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.