
hono — Vulnerabilities & Security Advisories (21)

All 21 CVE vulnerabilities found in hono, with AI-generated Chinese analysis, references, and POCs.

Vendor: honojs

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39410 | Hono has a non-breaking space prefix bypass in cookie name handling in getCookie() | CWE-20 | 4.8 | Medium | 2026-04-08 |
| CVE-2026-39409 | Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses | CWE-180 | 9.1 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-39408 | Hono has a path traversal in toSSG() allows writing files outside the output directory | CWE-22 | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39407 | Hono has a middleware bypass via repeated slashes in serveStatic | CWE-22 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-29085 | Hono: SSE Control Field Injection via CR/LF in writeSSE() | CWE-74 | 6.5 | Medium | 2026-03-04 |
| CVE-2026-29045 | Hono: Arbitrary file access via serveStatic vulnerability | CWE-177 | 7.5 | High | 2026-03-04 |
| CVE-2026-29086 | Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie() | CWE-1113 | 5.4 | Medium | 2026-03-04 |
| CVE-2026-27700 | Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo | CWE-345 | 8.2 | High | 2026-02-25 |
| CVE-2026-24771 | Hono has a Cross-site Scripting vulnerability | CWE-79 | 4.7 | Medium | 2026-01-27 |
| CVE-2026-24473 | Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) | CWE-200 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-24472 | Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception | CWE-524 | 5.3 | Medium | 2026-01-27 |
| CVE-2026-24398 | Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing | CWE-185 | 4.8 | Medium | 2026-01-27 |
| CVE-2026-22817 | JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass | CWE-347 | 8.2 | High | 2026-01-13 |
| CVE-2026-22818 | JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback) | CWE-347 | 8.2 | High | 2026-01-13 |
| CVE-2025-62610 | Hono Improperly Authorizes JWT Audience Validation | CWE-285 | 8.1 | High | 2025-10-22 |
| CVE-2025-59139 | Hono has Body Limit Middleware Bypass | CWE-400 | 5.3 | Medium | 2025-09-12 |
| CVE-2025-58362 | Hono contains a flaw in URL path parsing, potentially leading to path confusion | CWE-706 | 7.5 | High | 2025-09-04 |
| CVE-2024-48913 | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. | CWE-352 | 5.9 | Medium | 2024-10-15 |
| CVE-2024-43787 | Hono CSRF middleware can be bypassed using crafted Content-Type header | CWE-352 | 5.0 | Medium | 2024-08-22 |
| CVE-2024-32869 | Hono vulnerable to Restricted Directory Traversal in serveStatic with deno | CWE-22 | 5.3 | Medium | 2024-04-23 |
| CVE-2023-50710 | Hono's named path parameters can be overridden in TrieRouter | CWE-94 | 4.2 | Medium | 2023-12-14 |
