redis

74 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-25243
< 8.6.3
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validat
8.8 HIGH
CVE-2026-23631
< 8.6.3
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can expl
8.1 HIGH
CVE-2026-23479
>= 7.2.0 and < 8.6.3
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an err
8.8 HIGH
CVE-2025-62507
>= 8.2.0 and < 8.2.3
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command
8.8 HIGH
CVE-2025-49844
< 6.2.20
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a s
9.9 CRITICAL
CVE-2025-46819
< 6.2.20
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a s
6.3 MEDIUM
CVE-2025-46818
< 6.2.20
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a s
6.0 MEDIUM
CVE-2025-46817
< 6.2.20
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a s
7.0 HIGH
CVE-2025-48367
< 6.2.19
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol er
7.5 HIGH
CVE-2025-32023
>= 2.8.0 and < 6.2.19
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authent
7.0 HIGH
CVE-2025-27151
>= 7.0.0 and < 7.2.9
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based
4.7 MEDIUM
CVE-2025-21605
>= 2.6.0 and < 6.2.18
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthentica
7.5 HIGH
CVE-2024-51741
>= 7.0.0 and < 7.2.7
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malfor
4.4 MEDIUM
CVE-2024-46981
>= 6.2.0 and < 6.2.17
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to
7.0 HIGH
CVE-2024-31449
>= 2.8.18 and < 6.2.16
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to
7.0 HIGH
CVE-2024-31228
>= 2.2.5 and < 6.2.16
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using sp
5.5 MEDIUM
CVE-2024-31227
>= 7.0.0 and < 7.2.6
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malfor
4.4 MEDIUM
CVE-2023-31654
all versions
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/f
9.8 CRITICAL
CVE-2023-41056
>= 7.0.9 and < 7.0.15
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in int
8.1 HIGH
CVE-2023-45145
>= 2.6.0 and < 6.2.14
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its per
3.6 LOW
CVE-2023-41053
>= 7.0 and < 7.0.13
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result
3.3 LOW
CVE-2021-31294
< 6.2.0
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (s
5.9 MEDIUM
CVE-2022-24834
>= 2.6.0 and < 6.0.20
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflo
7.0 HIGH
CVE-2023-36824
>= 7.0.0 and < 7.0.12
Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list
7.4 HIGH
CVE-2023-31655
all versions
redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service
7.5 HIGH
CVE-2023-28856
< 6.0.19
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to creat
5.5 MEDIUM
CVE-2023-28859
>= 4.2.0 and < 4.4.4
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune tim
6.5 MEDIUM
CVE-2023-28858
>= 4.2.0 and < 4.3.6
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send respons
3.7 LOW
CVE-2023-28425
>= 7.0.8 and < 7.0.10
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users c
5.5 MEDIUM
CVE-2023-25155
< 6.0.18
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER,
5.5 MEDIUM
CVE-2022-36021
< 6.0.18
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like SCAN or KEYS)
5.5 MEDIUM
CVE-2023-22458
>= 6.2.0 and < 6.2.9
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with s
5.5 MEDIUM
CVE-2022-35977
>= 6.0.0 and < 6.0.17
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) com
5.5 MEDIUM
CVE-2022-3734
all versions
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in
6.3 MEDIUM
CVE-2022-3647
< 6.2.8
DISPUTED A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the functio
3.1 LOW
CVE-2022-35951
>= 7.0.0 and < 7.0.5
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overfl
7.0 HIGH
CVE-2022-31144
>= 7.0 and < 7.0.4
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state
7.0 HIGH
CVE-2022-33105
all versions
Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
7.5 HIGH
CVE-2022-24736
< 6.2.7
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a speciall
3.3 LOW
CVE-2022-24735
< 6.2.7
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacke
3.9 LOW
CVE-2022-0543
all versions
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sand
10.0 CRITICAL
CVE-2021-32765
< 1.0.1
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow
8.8 HIGH
CVE-2021-41099
>= 5.0.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be
7.5 HIGH
CVE-2021-32762
>= 5.0.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may
7.5 HIGH
CVE-2021-32687
>= 5.0.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be
7.5 HIGH
CVE-2021-32675
>= 5.0.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request
7.5 HIGH
CVE-2021-32672
>= 3.2.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed req
5.3 MEDIUM
CVE-2021-32628
>= 5.0.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by a
7.5 HIGH
CVE-2021-32627
>= 5.0.0 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be ex
7.5 HIGH
CVE-2021-32626
>= 2.6 and < 5.0.14
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in
7.5 HIGH
CVE-2020-21468
all versions
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot repr
7.5 HIGH
CVE-2021-32761
>= 2.2.0 and < 5.0.13
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer
7.5 HIGH
CVE-2021-32625
>= 6.0.0 and < 6.0.14
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer
7.5 HIGH
CVE-2021-29478
>= 6.2.0 and < 6.2.3
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer
7.5 HIGH
CVE-2021-29477
>= 6.0.0 and < 6.0.13
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer
7.5 HIGH
CVE-2021-29469
< 3.1.1
Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect
5.3 MEDIUM
CVE-2021-3470
< 5.0.10
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator othe
5.3 MEDIUM
CVE-2021-21309
>= 4.0 and < 5.0.11
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit
5.4 MEDIUM
CVE-2020-14147
< 5.0.9
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permissio
7.7 HIGH
CVE-2013-0180
all versions
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
5.5 MEDIUM
CVE-2013-0178
< 2.6.0
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
5.5 MEDIUM
CVE-2019-3800
< 2.1.2
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user aut
6.3 MEDIUM
CVE-2019-10193
>= 3.0.0 and < 3.2.13
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0
7.2 HIGH
CVE-2019-10192
>= 3.0.0 and < 3.2.13
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.
7.2 HIGH
CVE-2018-11219
< 3.2.12
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and
9.8 CRITICAL
CVE-2018-11218
< 3.2.12
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x b
9.8 CRITICAL
CVE-2018-12326
< 4.0.10
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escala
8.4 HIGH
CVE-2018-12453
< 5.0
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause de
7.5 HIGH
CVE-2016-10517
< 3.2.7
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which ar
7.4 HIGH
CVE-2017-15047
all versions
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array inde
9.8 CRITICAL
CVE-2016-8339
all versions
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds w
9.8 CRITICAL
CVE-2013-7458
<= 3.2.2
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtai
3.3 LOW
CVE-2015-8080
>= 2.8.0 and < 2.8.24
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-depende
7.5 HIGH
CVE-2015-4335
<= 2.8.20
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.