Package impact
NPM / hono
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44456 | medium | 6.5 | 6.5 | 15d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | |
| CVE-2026-44455 | medium | 6.1 | 6.1 | 15d ago | hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection | |
| CVE-2026-44457 | medium | 5.3 | 5.3 | 15d ago | Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage | |
| CVE-2026-44458 | medium | 4.3 | 4.3 | 15d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR |