Package impact
npm / hono
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44456 | medium | 6.5 | 6.5 | 15d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | |||
| CVE-2026-44455 | medium | 6.1 | 6.1 | 15d ago | hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection | |||
| CVE-2026-44457 | medium | 5.3 | 5.3 | 15d ago | Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage | |||
| CVE-2026-44458 | medium | 4.3 | 4.3 | 15d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR | |||
| CVE-2026-44459 | low | 3.8 | 3.8 | 15d ago | Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() |