Redis

This hub aggregates every CVE we track for Redis, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Redis.

• CVE-2026-25243redis-server RESTORE invalid memory access may allow remote code execution8.8May 5, 2026
• CVE-2026-23631redis-server Lua use-after-free may allow remote code execution8.1May 5, 2026
• CVE-2026-23479redis-server use-after-free in unblock client flow may allow remote code execution8.8May 5, 2026
• CVE-2025-62507Redis: Bug in XACKDEL may lead to stack overflow and potential RCE8.8Nov 4, 2025
• CVE-2025-49844Redis Lua Use-After-Free may lead to remote code execution9.9Oct 3, 2025
• CVE-2025-46818Redis: Authenticated users can execute LUA scripts as a different user6.0Oct 3, 2025
• CVE-2025-46817Lua library commands may lead to integer overflow and potential RCE7.0Oct 3, 2025
• CVE-2025-46686Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command argumen...3.5Jul 23, 2025
• CVE-2025-48367Redis DoS Vulnerability due to bad connection error handling7.5Jul 7, 2025
• CVE-2025-32023Redis allows out of bounds writes in hyperloglog commands leading to RCE7.0Jul 7, 2025
• CVE-2025-27151redis-check-aof may lead to stack overflow and potential RCE4.7May 29, 2025
• CVE-2025-21605Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client7.5Apr 23, 2025
• CVE-2024-51741Redis allows denial-of-service due to malformed ACL selectors4.4Jan 6, 2025
• CVE-2024-46981Redis' Lua library commands may lead to remote code execution7.0Jan 6, 2025
• CVE-2024-31449Lua library commands may lead to stack overflow and RCE in Redis7.0Oct 7, 2024