pkg:npm/@hono/node-server

All known vulnerabilities

• HIGH7.5CVE-2026-29087@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
  from 0, < 1.19.10
• HIGH7.5CVE-2024-32652@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
  >= 1.3.0, < 1.10.1
• MEDIUM5.3CVE-2026-39406@hono/node-server: Middleware bypass via repeated slashes in serveStatic
  from 0, < 1.19.13
• MEDIUM5.3@hono/node-server cannot handle "double dots" in URL
  >= 1.3.0, < 1.4.1