Security: honojs/hono
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Non-breaking space prefix bypass in cookie name handling in getCookie()GHSA-r5rp-j6wh-rvv4 published
Apr 7, 2026 by yusukebeModerate -
Missing validation of cookie name on write path in setCookie()GHSA-26pp-8wgv-hjvm published
Apr 7, 2026 by yusukebeModerate -
Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addressesGHSA-xpcf-pg52-r92g published
Apr 7, 2026 by yusukebeModerate -
Path traversal in toSSG() allows writing files outside the output directoryGHSA-xf4j-xp2r-rqqx published
Apr 7, 2026 by yusukebeModerate -
Middleware bypass via repeated slashes in serveStaticGHSA-wmmm-f939-6g9c published
Apr 7, 2026 by yusukebeModerate -
__proto__ key allowed in parseBody({ dot: true })GHSA-v8w9-8mx6-g223 published
Mar 10, 2026 by yusukebeModerate -
Cookie Attribute Injection via Unsanitized domain and path in setCookie()GHSA-5pq2-9x2x-5p6w published
Mar 3, 2026 by yusukebeModerate -
SSE Control Field Injection via CR/LF in writeSSE()GHSA-p6xx-57qc-3wxr published
Mar 3, 2026 by yusukebeModerate -
Arbitrary file access via serveStatic vulnerabilityGHSA-q5qw-h33p-qvwr published
Mar 3, 2026 by yusukebeHigh -
Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfoGHSA-xh87-mx6m-69f3 published
Feb 23, 2026 by yusukebeHigh
Learn more about advisories related to honojs/hono in the GitHub Advisory Database