Package impact
NPM / hono
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44456 | medium | 6.5 | 6.5 | 16d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | |||
| CVE-2026-44455 | medium | 6.1 | 6.1 | 16d ago | hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection | |||
| CVE-2026-44457 | medium | 5.3 | 5.3 | 16d ago | Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage | |||
| CVE-2026-44458 | medium | 4.3 | 4.3 | 16d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR |