@hono/node-server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @hono/node-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2024-32652 — CVSS 7.5 (high): The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a…
CVE-2026-29087 — CVSS 7.5 (high): @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file…
CVE-2024-23340 — CVSS 5.3 (medium): @hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own…
CVE-2026-39406 — CVSS 5.3 (medium): @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows…