hono vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-GQ3J-XVXP-8HRFLowhono: Hono added timing comparison hardening in basicAuth and bearerAuthCVE-2026-24771Mediumhono: Hono vulnerable to XSS through ErrorBoundary component CVE-2026-24473Mediumhono: Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)CVE-2026-24472Mediumhono: Hono cache middleware ignores "Cache-Control: private" leading to Web Cache DeceptionCVE-2026-24398Mediumhono: Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofingCVE-2026-22818Highhono: Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg…CVE-2026-22817Highhono: Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and…GHSA-Q7JF-GF43-6X6PMediumhono: Hono vulnerable to Vary Header Injection leading to potential CORS BypassCVE-2025-62610Highhono: Hono Improper Authorization vulnerabilityCVE-2025-59139Mediumhono: Hono has Body Limit Middleware BypassCVE-2025-58362Highhono: Hono's flaw in URL path parsing could cause path confusionCVE-2024-48913Mediumhono: Hono allows bypass of CSRF Middleware by a request without Content-Type header.CVE-2024-43787Lowhono: Hono CSRF middleware can be bypassed using crafted Content-Type headerCVE-2024-32869Mediumhono: Hono vulnerable to Restricted Directory Traversal in serveStatic with denoCVE-2023-50710Mediumhono: Named path parameters can be overridden in TrieRouter

Stop the waste.
Protect your environment with Kodem.