redis-py is a widely used PyPI package. As of 2026-05-24, there are 4 known vulnerabilities in the OSV database. The latest stable version is 7.4.0. Developers should audit their dependency trees and update to patched versions.
Package Overview
Known Vulnerabilities (4)
| ID | Severity | Score | Affected Versions | Fixed In | Description |
|---|---|---|---|---|---|
| CVE-2023-28859 | HIGH | 7.5 | 4.5.0 to 4.5.4; 4.2.0 to 4.4.4 | 4.5.4 | redis-py Race Condition due to incomplete fix |
| CVE-2023-28858 | MODERATE | 5.0 | 4.4.0 to 4.4.3; 4.5.0 to 4.5.3; 4.2.0 to 4.3.6 | 4.4.3 | redis-py Race Condition vulnerability |
| CVE-2023-28858 | UNKNOWN | - | 4.5.0 to 4.5.3 | 4.3.6 | redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send |
| CVE-2023-28859 | UNKNOWN | - | 4.5.0 to 4.5.4 | 4.4.4 | redis-py through 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an |
Security Recommendations
- Pin redis-py to the latest stable version (7.4.0) in your dependency manifest
- Enable automated dependency updates with Dependabot or Renovate
- Run regular vulnerability scans using pip-audit
- Review your lock file (requirements.txt) after every update
- Monitor the OSV database and NIST NVD for new advisories
FAQ
Is redis-py safe to use?
redis-py is actively maintained and widely used. As of 2026-05-24, there are 4 known vulnerabilities listed in the OSV database. Most have patches available. Keeping your dependencies updated and running regular security audits significantly reduces risk.
What vulnerabilities does redis-py have?
The OSV database currently lists 4 vulnerabilities for redis-py. These range in severity and are detailed in the vulnerability table above. Check the linked advisories for full technical details and remediation guidance.
How do I update redis-py to fix vulnerabilities?
Run pip install --upgrade redis to get the newest version. Use pip-audit or safety check to scan for known vulnerabilities. Pin your dependencies with a requirements file and review updates regularly.
Using AI-Generated Code with redis-py?
Our vibe coding security audit checks for misconfigurations, exposed secrets and vulnerable dependencies in AI-generated codebases. If your project uses redis-py, we can verify it is locked to a safe version and properly configured.