VYPR

Node Server

by Honojs

Source repositories

CVEs (4)

  • CVE-2026-29087HigMar 6, 2026
    risk 0.42cvss 7.5epss 0.00

    @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/*), inconsistent URL decoding can allow protected static…

  • CVE-2026-39406MedApr 8, 2026
    risk 0.27cvss 5.3epss 0.00

    @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/*) is used…

  • CVE-2024-32652Apr 19, 2024
    risk 0.00cvss epss 0.01

    The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a…

  • CVE-2024-23340Jan 22, 2024
    risk 0.00cvss epss 0.01

    @hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called "double dots", the URL string…