CRITICAL 9.9 CVE-2025-49844 Redis Lua Use-After-Free may lead to remote code execution
from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
CRITICAL 9.8 CVE-2025-27151 redis-check-aof may lead to stack overflow and potential RCE
from 0, < 7.2.10, >= 7.3.0, < 8.0.5, >= 8.1.0, < 8.1.2
CRITICAL 9.8 Redis' Lua library commands may lead to remote code execution
from 0, < 8.0.2
CRITICAL 9.8 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
>= 7.0.0, < 7.0.5
HIGH 8.8 redis-server RESTORE invalid memory access may allow remote code execution
from 0, < 7.2.13, >= 8.0.0, < 8.0.8, >= 8.1.0, < 8.1.7, >= 9.0.0, < 9.0.4
HIGH 8.8 redis-server use-after-free in unblock client flow may allow remote code execution
from 0, < 7.2.13, >= 8.0.0, < 8.0.8, >= 8.1.0, < 8.1.7, >= 9.0.0, < 9.0.4
HIGH 8.8 Lua library commands may lead to integer overflow and potential RCE
from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
HIGH 8.8 Lua library commands may lead to stack overflow and RCE in Redis
from 0, < 7.2.7, >= 8.0.0, < 8.0.1
HIGH 8.8 Heap overflow issue with the Lua cjson library used by Redis
>= 2.6.0, < 6.0.20, >= 6.2.0, < 6.2.13, >= 7.0.0, < 7.0.12
HIGH 8.8 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
>= 7.0.0, < 7.0.12
HIGH 8.8 Potential heap overflow in Redis
>= 7.0.0, < 7.0.4
HIGH 8.8 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 8.8 Lua scripts can overflow the heap-based Lua stack in Redis
>= 2.6.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 8.1 redis-server Lua use-after-free may allow remote code execution
from 0, < 7.2.13, >= 8.0.0, < 8.0.8, >= 8.1.0, < 8.1.7, >= 9.0.0, < 9.0.4
HIGH 8.1 Redis vulnerable to integer overflow in certain payloads
>= 7.0.9, < 7.0.15, >= 7.2.0, < 7.2.4
HIGH 7.8 Redis allows out of bounds writes in hyperloglog commands leading to RCE
from 0, < 7.2.10, >= 7.3.0, < 8.0.4, >= 8.1.0, < 8.1.3
HIGH 7.8 Lua scripts can be manipulated to overcome ACL rules in Redis
from 0, < 6.2.7
HIGH 7.5 Valkey has Pre-Authentication DOS from malformed RESP request
>= 9.0.0, < 9.0.3
HIGH 7.5 Malformed Valkey Cluster bus message can lead to Remote DoS
from 0, < 7.2.12, >= 8.0.0, < 8.0.7, >= 8.1.0, < 8.1.6, >= 9.0.0, < 9.0.2
HIGH 7.5 Redis DoS Vulnerability due to bad connection error handling
from 0, < 7.2.10, >= 7.3.0, < 8.0.4, >= 8.1.0, < 8.1.3
HIGH 7.5 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
from 0, < 7.2.9, >= 8.0.0, < 8.0.3, >= 8.1.0, < 8.1.1
HIGH 7.5 Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
>= 7.0.0, < 7.0.1
HIGH 7.5 redis v7.0.10 was discovered to contain a segmentation violation.
>= 7.0.10, < 7.0.11
HIGH 7.5 Integer overflow issue with strings in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 Integer overflow issue with intsets in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 DoS vulnerability in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 Vulnerability in handling large ziplists
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 Integer overflow issue with Streams in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.3 Redis: Authenticated users can execute LUA scripts as a different user
from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
HIGH 7.1 Valkey Affected by RESP Protocol Injection via Lua error_reply
from 0, < 7.2.12, >= 8.0.0, < 8.0.7, >= 8.1.0, < 8.1.6, >= 9.0.0, < 9.0.2
HIGH 7.1 Redis is vulnerable to DoS via specially crafted LUA scripts
from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
MEDIUM 6.5 Denial-of-service due to unbounded pattern matching in Redis
from 0, < 7.2.7, >= 8.0.0, < 8.0.1
MEDIUM 6.5 `HINCRBYFLOAT` can be used to crash a redis-server process
from 0, < 6.0.19, >= 6.2.0, < 6.2.12, >= 7.0.0, < 7.0.11
MEDIUM 6.5 Integer Overflow in several Redis commands can lead to denial of service.
from 0, < 6.0.18, >= 6.2.0, < 6.2.11, >= 7.0.0, < 7.0.9
MEDIUM 5.9 Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifical…
from 0, < 6.2.0
MEDIUM 5.5 Specially crafted MSETNX command can lead to denial-of-service
>= 7.0.8, < 7.0.10
MEDIUM 5.5 Redis string pattern matching can be abused to achieve Denial of Service
from 0, < 6.0.18, >= 6.2.0, < 6.2.11, >= 7.0.0, < 7.0.9
MEDIUM 5.5 Integer overflow in multiple Redis commands can lead to denial-of-service
>= 6.2.0, < 6.2.9, >= 7.0.0, < 7.0.8
MEDIUM 5.5 Integer overflow in certain command arguments can drive Redis to OOM panic
>= 6.0.0, < 6.0.17, >= 6.2.0, < 6.2.9, >= 7.0.0, < 7.0.8
MEDIUM 5.5 A Malformed Lua script can crash Redis
from 0, < 6.2.7
MEDIUM 4.4 Redis allows denial-of-service due to malformed ACL selectors
from 0, < 8.0.2
MEDIUM 4.4 Denial-of-service due to malformed ACL selectors in Redis
from 0, < 7.2.7, >= 8.0.0, < 8.0.1
MEDIUM 4.3 Vulnerability in Lua Debugger in Redis
>= 3.2.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
LOW 3.6 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
>= 2.6.0, < 6.2.14, >= 7.0.0, < 7.0.14, >= 7.2.0, < 7.2.2
LOW 3.5 Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user.
from 0, < 8.0.4
LOW 3.3 Redis SORT_RO may bypass ACL configuration
>= 7.0.0, < 7.0.13, >= 7.2.0, < 7.2.1
LOW 3.3 Redis Crash Report debug.c sigsegvHandler denial of service
from 0, < 6.2.8, >= 7.0.0, < 7.0.6
LOW 3.1 setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
from 0, < 8.1.4