Security: honojs/hono
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in honoGHSA-9r54-q6cx-xmh5 published
Jan 27, 2026 by yusukebeModerate -
Arbitrary Key Read in Serve static Middleware(Cloudflare Workers Adapter)GHSA-w332-q679-j88p published
Jan 27, 2026 by yusukebeModerate -
IPv4 address validation bypass in IP Restriction Middleware allows IP spoofingGHSA-r354-f388-2fhh published
Jan 27, 2026 by yusukebeModerate -
Cache Middleware ignores `Cache-Control: private` leading to Web Cache DeceptionGHSA-6wqw-2p9w-4vw4 published
Jan 27, 2026 by yusukebeModerate -
JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)GHSA-3vhc-576x-3qv4 published
Jan 13, 2026 by yusukebeHigh -
JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth BypassGHSA-f67f-6cw9-8mq4 published
Jan 13, 2026 by yusukebeHigh -
Vary Header Injection leading to potential CORS BypassGHSA-q7jf-gf43-6x6p published
Oct 24, 2025 by yusukebeModerate -
Improper Authorization in honoGHSA-m732-5p4w-x69g published
Oct 21, 2025 by yusukebeHigh -
Body Limit Middleware BypassGHSA-92vj-g62v-jqhh published
Sep 12, 2025 by yusukebeModerate -
Flaw in URL path parsing could cause path confusionGHSA-9hp6-4448-45g2 published
Sep 3, 2025 by yusukebeHigh
Learn more about advisories related to honojs/hono in the GitHub Advisory Database