| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44456 |
medium |
6.5 |
6.5 |
14d ago |
Hono: bodyLimit() can be bypassed for chunked / unknown-length requests |
|
| CVE-2026-44455 |
medium |
6.1 |
6.1 |
14d ago |
hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection |
|
| CVE-2026-44457 |
medium |
5.3 |
5.3 |
14d ago |
Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage |
|
| CVE-2026-44458 |
medium |
4.3 |
4.3 |
14d ago |
Hono has CSS Declaration Injection via Style Object Values in JSX SSR |
|
| CVE-2026-44459 |
low |
3.8 |
3.8 |
14d ago |
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() |
|