
hono

32 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-44459
< 4.12.18
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the
3.8 LOW
CVE-2026-44458
< 4.12.18
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes s
4.3 MEDIUM
CVE-2026-44457
< 4.12.18
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not
5.3 MEDIUM
CVE-2026-44456
< 4.12.16
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not relia
6.5 MEDIUM
CVE-2026-44455
< 4.12.16
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX e
4.7 MEDIUM
CVE-2026-39410
<= 4.12.11
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between brow
4.8 MEDIUM
CVE-2026-39409
<= 4.12.11
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not c
5.3 MEDIUM
CVE-2026-39408
>= 4.0.0 and <= 4.12.11
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in
7.5 HIGH
CVE-2026-39407
<= 4.12.11
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsiste
5.3 MEDIUM
CVE-2026-39406
<= 1.19.12
@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic a
5.3 MEDIUM
CVE-2026-29087
< 1.19.10
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static
7.5 HIGH
CVE-2026-29086
< 4.12.4
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() uti
5.4 MEDIUM
CVE-2026-29085
< 4.12.4
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSS
6.5 MEDIUM
CVE-2026-29045
< 4.12.4
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveSta
7.5 HIGH
CVE-2026-27700
>= 4.12.0 and < 4.12.2
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using th
8.2 HIGH
CVE-2026-24771
< 4.11.7
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Script
4.7 MEDIUM
CVE-2026-24473
< 4.11.7
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middle
5.3 MEDIUM
CVE-2026-24472
< 4.11.7
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware co
5.3 MEDIUM
CVE-2026-24398
< 4.11.7
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Midd
4.8 MEDIUM
CVE-2026-22818
< 4.11.4
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s
8.2 HIGH
CVE-2026-22817
< 4.11.4
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s
8.2 HIGH
CVE-2025-62610
>= 1.1.0 and < 4.10.2
Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hon
8.1 HIGH
CVE-2025-59139
< 4.9.7
Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `b
5.3 MEDIUM
CVE-2025-58362
>= 4.8.0 and < 4.9.6
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw
7.5 HIGH
CVE-2024-48913
< 4.6.5
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request
5.9 MEDIUM
CVE-2024-43787
< 4.5.8
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using c
5.0 MEDIUM
CVE-2024-32869
< 4.2.7
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStat
5.3 MEDIUM
CVE-2024-32652
>= 1.3.0 and < 1.10.1
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when rece
7.5 HIGH
CVE-2024-23340
>= 1.3.0 and < 1.4.1
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used it
5.3 MEDIUM
CVE-2023-50710
< 3.11.7
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from prev
4.2 MEDIUM
CVE-2020-27220
>= 1.4.0 and <= 1.4.4
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive com
8.8 HIGH
CVE-2020-27217
all versions
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices.
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin