VIR Vulnerability Intelligence Relay

Package impact

npm npm / hono

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-47673 medium 6.5 6.5 8d ago Hono: JWT middleware accepts any Authorization scheme, not only Bearer
CVE-2026-44456 medium 6.5 6.5 23d ago Hono: bodyLimit() can be bypassed for chunked / unknown-length requests
CVE-2026-44455 medium 6.1 6.1 23d ago hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection
CVE-2026-47676 medium 5.3 5.3 8d ago Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
CVE-2026-47675 medium 5.3 5.3 8d ago Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
CVE-2026-47674 medium 5.3 5.3 8d ago Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
CVE-2026-44457 medium 5.3 5.3 23d ago Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
CVE-2026-44458 medium 4.3 4.3 23d ago Hono has CSS Declaration Injection via Style Object Values in JSX SSR
CVE-2026-44459 low 3.8 3.8 23d ago Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()