Honojs Hono
30 CVEs affecting Honojs Hono. Latest disclosed: 2026-05-28. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-27700 | High | 8.2 | 2026-02-25 | Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/a… |
| CVE-2026-22817 | High | 8.2 | 2026-01-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification midd… |
| CVE-2026-22818 | High | 8.2 | 2026-01-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification midd… |
| CVE-2025-62610 | High | 8.1 | 2025-10-22 | Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does… |
| CVE-2026-29045 | High | 7.5 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based… |
| CVE-2025-58362 | High | 7.5 | 2025-09-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility functi… |
| CVE-2026-44456 | Medium | 6.5 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for reque… |
| CVE-2026-29085 | Medium | 6.5 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the… |
| CVE-2024-48913 | Medium | 5.9 | 2024-10-15 | Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header… |
| CVE-2026-29086 | Medium | 5.4 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicol… |
| CVE-2026-47676 | Medium | 5.3 | 2026-05-28 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount() strips the mount prefix from the incoming r… |
| CVE-2026-47674 | Medium | 5.3 | 2026-05-28 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware (hono/ip-restriction) com… |
| CVE-2026-44457 | Medium | 5.3 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses th… |
| CVE-2026-39407 | Medium | 5.3 | 2026-04-08 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows pro… |
| CVE-2026-24472 | Medium | 5.3 | 2026-01-27 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclos… |
| CVE-2025-59139 | Medium | 5.3 | 2025-09-12 | Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could al… |
| CVE-2024-32869 | Medium | 5.3 | 2024-04-23 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible… |
| CVE-2024-43787 | Medium | 5.0 | 2024-08-22 | Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. M… |
| CVE-2026-47673 | Medium | 4.8 | 2026-05-28 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Auth… |
| CVE-2026-39410 | Medium | 4.8 | 2026-04-08 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse(… |