honojs — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting honojs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by honojs: hono, node-server
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39410 | Hono has a non-breaking space prefix bypass in cookie name handling in getCookie() | hono | CWE-20 | 4.8 | Medium | 2026-04-08 |
| CVE-2026-39409 | Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses | hono | CWE-180 | 9.1 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-39408 | Hono has a path traversal in toSSG() allows writing files outside the output directory | hono | CWE-22 | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39407 | Hono has a middleware bypass via repeated slashes in serveStatic | hono | CWE-22 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39406 | @hono/node-server has a middleware bypass via repeated slashes in serveStatic | node-server | CWE-22 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-29087 | @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware | node-server | CWE-863 | 7.5 | High | 2026-03-06 |
| CVE-2026-29085 | Hono: SSE Control Field Injection via CR/LF in writeSSE() | hono | CWE-74 | 6.5 | Medium | 2026-03-04 |
| CVE-2026-29045 | Hono: Arbitrary file access via serveStatic vulnerability | hono | CWE-177 | 7.5 | High | 2026-03-04 |
| CVE-2026-29086 | Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie() | hono | CWE-1113 | 5.4 | Medium | 2026-03-04 |
| CVE-2026-27700 | Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo | hono | CWE-345 | 8.2 | High | 2026-02-25 |
| CVE-2026-24771 | Hono has a Cross-site Scripting vulnerability | hono | CWE-79 | 4.7 | Medium | 2026-01-27 |
| CVE-2026-24473 | Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) | hono | CWE-200 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-24472 | Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception | hono | CWE-524 | 5.3 | Medium | 2026-01-27 |
| CVE-2026-24398 | Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing | hono | CWE-185 | 4.8 | Medium | 2026-01-27 |
| CVE-2026-22817 | JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass | hono | CWE-347 | 8.2 | High | 2026-01-13 |
| CVE-2026-22818 | JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback) | hono | CWE-347 | 8.2 | High | 2026-01-13 |
| CVE-2025-62610 | Hono Improperly Authorizes JWT Audience Validation | hono | CWE-285 | 8.1 | High | 2025-10-22 |
| CVE-2025-59139 | Hono has Body Limit Middleware Bypass | hono | CWE-400 | 5.3 | Medium | 2025-09-12 |
| CVE-2025-58362 | Hono contains a flaw in URL path parsing, potentially leading to path confusion | hono | CWE-706 | 7.5 | High | 2025-09-04 |
| CVE-2024-48913 | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. | hono | CWE-352 | 5.9 | Medium | 2024-10-15 |
| CVE-2024-43787 | Hono CSRF middleware can be bypassed using crafted Content-Type header | hono | CWE-352 | 5.0 | Medium | 2024-08-22 |
| CVE-2024-32869 | Hono vulnerable to Restricted Directory Traversal in serveStatic with deno | hono | CWE-22 | 5.3 | Medium | 2024-04-23 |
| CVE-2024-32652 | @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed | node-server | CWE-755 | 7.5 | High | 2024-04-19 |
| CVE-2024-23340 | @hono/node-server can't handle "double dots" in URL | node-server | CWE-22 | 5.3 | Medium | 2024-01-22 |
| CVE-2023-50710 | Hono's named path parameters can be overridden in TrieRouter | hono | CWE-94 | 4.2 | Medium | 2023-12-14 |

This page lists every published CVE security advisory associated with honojs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.