VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/671510?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/671510?format=api",
    "purl": "pkg:npm/hono@0.0.14",
    "type": "npm",
    "namespace": "",
    "name": "hono",
    "version": "0.0.14",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "4.12.18",
    "latest_non_vulnerable_version": "4.12.21",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82828?format=api",
            "vulnerability_id": "VCID-1mzm-bnvy-1ugp",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Version 4.11.7 patches the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24771",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21448",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21264",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24771"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d990",
                    "reference_id": "2cf60046d730df9fd0aba85178f3ecfe8212d990",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:05Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d990"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24771",
                    "reference_id": "CVE-2026-24771",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24771"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9r54-q6cx-xmh5",
                    "reference_id": "GHSA-9r54-q6cx-xmh5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9r54-q6cx-xmh5"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5",
                    "reference_id": "GHSA-9r54-q6cx-xmh5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:05Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38214?format=api",
                    "purl": "pkg:npm/hono@4.11.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.7"
                }
            ],
            "aliases": [
                "CVE-2026-24771",
                "GHSA-9r54-q6cx-xmh5"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mzm-bnvy-1ugp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74063?format=api",
            "vulnerability_id": "VCID-36hs-1ykr-xbcs",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\\r), or newline characters (\\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29086",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12749",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12659",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29086"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073",
                    "reference_id": "44ae0c8cc4d5ab2bed529127a4ac72e1483ad073",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:29:14Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29086",
                    "reference_id": "CVE-2026-29086",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29086"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5pq2-9x2x-5p6w",
                    "reference_id": "GHSA-5pq2-9x2x-5p6w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5pq2-9x2x-5p6w"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w",
                    "reference_id": "GHSA-5pq2-9x2x-5p6w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:29:14Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/40180?format=api",
                    "purl": "pkg:npm/hono@4.12.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.4"
                }
            ],
            "aliases": [
                "CVE-2026-29086",
                "GHSA-5pq2-9x2x-5p6w"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36hs-1ykr-xbcs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68028?format=api",
            "vulnerability_id": "VCID-3d6m-3rha-dkc2",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without a usable Content-Length (e.g. Transfer-Encoding: chunked). Oversized requests can reach handlers and return 200 instead of 413. This vulnerability is fixed in 4.12.16.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44456",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01939",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01936",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44456"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44456",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44456"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9vqf-7f2p-gf9v",
                    "reference_id": "GHSA-9vqf-7f2p-gf9v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9vqf-7f2p-gf9v"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-9vqf-7f2p-gf9v",
                    "reference_id": "GHSA-9vqf-7f2p-gf9v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:31:08Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-9vqf-7f2p-gf9v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/375696?format=api",
                    "purl": "pkg:npm/hono@4.12.16",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.16"
                }
            ],
            "aliases": [
                "CVE-2026-44456",
                "GHSA-9vqf-7f2p-gf9v"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6m-3rha-dkc2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100919?format=api",
            "vulnerability_id": "VCID-6vuz-qwz8-h7ba",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the `Content-Length` header even when a `Transfer-Encoding: chunked` header was also included. According to the HTTP specification, `Content-Length` must be ignored in such cases. This discrepancy could allow oversized request bodies to bypass the configured limit. Most standards-compliant runtimes and reverse proxies may reject such malformed requests with `400 Bad Request`, so the practical impact depends on the runtime and deployment environment. If body size limits are used as a safeguard against large or malicious requests, this flaw could allow attackers to send oversized request bodies. The primary risk is denial of service (DoS) due to excessive memory or CPU consumption when handling very large requests. The implementation has been updated to align with the HTTP specification, ensuring that `Transfer-Encoding` takes precedence over `Content-Length`. The issue is fixed in Hono v4.9.7, and all users should upgrade immediately.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59139",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13892",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14009",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59139"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59139",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59139"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/605c70560b52f13af10379f79b76717042fafe8d",
                    "reference_id": "605c70560b52f13af10379f79b76717042fafe8d",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:43:41Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/605c70560b52f13af10379f79b76717042fafe8d"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-92vj-g62v-jqhh",
                    "reference_id": "GHSA-92vj-g62v-jqhh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-92vj-g62v-jqhh"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-92vj-g62v-jqhh",
                    "reference_id": "GHSA-92vj-g62v-jqhh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:43:41Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-92vj-g62v-jqhh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/376798?format=api",
                    "purl": "pkg:npm/hono@4.9.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-2yns-6tp8-7kbn"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-8vd9-z7ze-nqgf"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uuwp-p8jb-akfq"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-xymw-92x9-63fb"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.9.7"
                }
            ],
            "aliases": [
                "CVE-2025-59139",
                "GHSA-92vj-g62v-jqhh"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vuz-qwz8-h7ba"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359295?format=api",
            "vulnerability_id": "VCID-7xab-d7wk-83c5",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44459",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0606",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06083",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44459"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-hm8q-7f3q-5f36",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-hm8q-7f3q-5f36"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44459",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44459"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hm8q-7f3q-5f36",
                    "reference_id": "GHSA-hm8q-7f3q-5f36",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hm8q-7f3q-5f36"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/375796?format=api",
                    "purl": "pkg:npm/hono@4.12.18",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.18"
                }
            ],
            "aliases": [
                "CVE-2026-44459",
                "GHSA-hm8q-7f3q-5f36"
            ],
            "risk_score": 1.7,
            "exploitability": "0.5",
            "weighted_severity": "3.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xab-d7wk-83c5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212601?format=api",
            "vulnerability_id": "VCID-8dsh-qx5a-mkgz",
            "summary": "Hono added timing comparison hardening in basicAuth and bearerAuth",
            "references": [
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/91def7cab654bad5eecc9270e6620d577971ff5e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/91def7cab654bad5eecc9270e6620d577971ff5e"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.11.10",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.11.10"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gq3j-xvxp-8hrf",
                    "reference_id": "GHSA-gq3j-xvxp-8hrf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gq3j-xvxp-8hrf"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-gq3j-xvxp-8hrf",
                    "reference_id": "GHSA-gq3j-xvxp-8hrf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-gq3j-xvxp-8hrf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/39434?format=api",
                    "purl": "pkg:npm/hono@4.11.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.10"
                }
            ],
            "aliases": [
                "GHSA-gq3j-xvxp-8hrf"
            ],
            "risk_score": 1.6,
            "exploitability": "0.5",
            "weighted_severity": "3.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dsh-qx5a-mkgz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83503?format=api",
            "vulnerability_id": "VCID-8vd9-z7ze-nqgf",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. As part of this fix, the JWT middleware now requires the alg option to be explicitly specified. This prevents algorithm confusion by ensuring that the verification algorithm is not derived from untrusted JWT header values. This vulnerability is fixed in 4.11.4.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22817",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05678",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05888",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22817"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/cc0aa7ae327ed84cc391d29086dec2a3e44e7a1f",
                    "reference_id": "cc0aa7ae327ed84cc391d29086dec2a3e44e7a1f",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T19:12:27Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/cc0aa7ae327ed84cc391d29086dec2a3e44e7a1f"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22817",
                    "reference_id": "CVE-2026-22817",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22817"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f67f-6cw9-8mq4",
                    "reference_id": "GHSA-f67f-6cw9-8mq4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f67f-6cw9-8mq4"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-f67f-6cw9-8mq4",
                    "reference_id": "GHSA-f67f-6cw9-8mq4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T19:12:27Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-f67f-6cw9-8mq4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/37718?format=api",
                    "purl": "pkg:npm/hono@4.11.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.4"
                }
            ],
            "aliases": [
                "CVE-2026-22817",
                "GHSA-f67f-6cw9-8mq4"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vd9-z7ze-nqgf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73093?format=api",
            "vulnerability_id": "VCID-9xtz-up2w-mqdh",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/*) is used for authorization, the router may not match paths containing repeated slashes, while serveStatic resolves them as normalized paths. This can lead to a middleware bypass. This vulnerability is fixed in 4.12.12.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39407",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06246",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06268",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39407"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39407",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39407"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/9aff14bd727f8b0435c963363fd803260e7b8e3c",
                    "reference_id": "9aff14bd727f8b0435c963363fd803260e7b8e3c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:04:53Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/9aff14bd727f8b0435c963363fd803260e7b8e3c"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wmmm-f939-6g9c",
                    "reference_id": "GHSA-wmmm-f939-6g9c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wmmm-f939-6g9c"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-wmmm-f939-6g9c",
                    "reference_id": "GHSA-wmmm-f939-6g9c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:04:53Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-wmmm-f939-6g9c"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.12.12",
                    "reference_id": "v4.12.12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:04:53Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.12.12"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/373301?format=api",
                    "purl": "pkg:npm/hono@4.12.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.12"
                }
            ],
            "aliases": [
                "CVE-2026-39407",
                "GHSA-wmmm-f939-6g9c"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xtz-up2w-mqdh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31349?format=api",
            "vulnerability_id": "VCID-af7v-p695-jqgr",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43787",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00082",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24255",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00082",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24059",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43787"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/41ce840379516410dee60c783142e05bb5a22449",
                    "reference_id": "41ce840379516410dee60c783142e05bb5a22449",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T15:39:07Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/41ce840379516410dee60c783142e05bb5a22449"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43787",
                    "reference_id": "CVE-2024-43787",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43787"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rpfr-3m35-5vx5",
                    "reference_id": "GHSA-rpfr-3m35-5vx5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rpfr-3m35-5vx5"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-rpfr-3m35-5vx5",
                    "reference_id": "GHSA-rpfr-3m35-5vx5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T15:39:07Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-rpfr-3m35-5vx5"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17",
                    "reference_id": "index.ts#L16-L17",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T15:39:07Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/33072?format=api",
                    "purl": "pkg:npm/hono@4.5.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-2yns-6tp8-7kbn"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-6vuz-qwz8-h7ba"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-8vd9-z7ze-nqgf"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-r571-x8es-83a4"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uuwp-p8jb-akfq"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-xymw-92x9-63fb"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.5.8"
                }
            ],
            "aliases": [
                "CVE-2024-43787",
                "GHSA-rpfr-3m35-5vx5"
            ],
            "risk_score": 2.2,
            "exploitability": "0.5",
            "weighted_severity": "4.5",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af7v-p695-jqgr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359803?format=api",
            "vulnerability_id": "VCID-ajhs-ueyw-pfbz",
            "summary": "Hono missing validation of cookie name on write path in setCookie()\n## Summary\n\nCookie names are not validated on the write path when using `setCookie()`, `serialize()`, or `serializeSigned()` to generate Set-Cookie headers.\n\nWhile certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters.\n\nThis results in inconsistent handling of cookie names between parsing (read path) and serialization (write path).\n\n## Details\n\nWhen applications use `setCookie()`, `serialize()`, or `serializeSigned()` with a user-controlled cookie name, invalid values (e.g., containing control characters such as `\\r` or `\\n`) can be used to construct malformed `Set-Cookie` header values.\n\nFor example:\n\n```\nSet-Cookie: legit\nX-Injected: evil=value\n```\n\nHowever, in modern runtimes such as Node.js and Cloudflare Workers, such invalid header values are rejected and result in a runtime error before the response is sent.\n\nAs a result, the reported header injection / response splitting behavior could not be reproduced in these environments.\n\n## Impact\n\nApplications that pass untrusted input as the cookie name to `setCookie()`, `serialize()`, or `serializeSigned()` may encounter runtime errors due to invalid header values.\n\nIn tested environments, malformed `Set-Cookie` headers are rejected before being sent, and the reported header injection behavior could not be reproduced.\n\nThis issue primarily affects correctness and robustness rather than introducing a confirmed exploitable vulnerability.",
            "references": [
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-26pp-8wgv-hjvm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-26pp-8wgv-hjvm"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-26pp-8wgv-hjvm",
                    "reference_id": "GHSA-26pp-8wgv-hjvm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-26pp-8wgv-hjvm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/373301?format=api",
                    "purl": "pkg:npm/hono@4.12.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.12"
                }
            ],
            "aliases": [
                "GHSA-26pp-8wgv-hjvm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajhs-ueyw-pfbz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357943?format=api",
            "vulnerability_id": "VCID-bnq3-zrxc-dfe1",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50710",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00362",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58692",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.00362",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58804",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50710"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v3.11.7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50710",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50710"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f6gv-hh8j-q8vq",
                    "reference_id": "GHSA-f6gv-hh8j-q8vq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f6gv-hh8j-q8vq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/380312?format=api",
                    "purl": "pkg:npm/hono@3.11.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-2yns-6tp8-7kbn"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-6vuz-qwz8-h7ba"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-8vd9-z7ze-nqgf"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-af7v-p695-jqgr"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-r571-x8es-83a4"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-rdyz-9auw-qufx"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uuwp-p8jb-akfq"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-xymw-92x9-63fb"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@3.11.7"
                }
            ],
            "aliases": [
                "CVE-2023-50710",
                "GHSA-f6gv-hh8j-q8vq"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnq3-zrxc-dfe1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359907?format=api",
            "vulnerability_id": "VCID-dy2t-qdtz-d3a1",
            "summary": "hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR\n## Summary\n\nImproper handling of JSX attribute names in hono/jsx allows malformed attribute keys to corrupt the generated HTML output.\n\nWhen untrusted input is used as attribute keys during server-side rendering, specially crafted keys can break out of attribute or tag boundaries and inject unintended HTML.\n\n## Details\n\nWhen rendering JSX elements to HTML strings, attribute values are escaped, but attribute names (keys) were previously inserted into the output without validation.\n\nIf an attribute name contains characters such as `\"`, `>`, or whitespace, it can alter the structure of the generated HTML.\n\nFor example, malformed attribute names can:\n\n* Break out of the current attribute and introduce unintended additional attributes\n* Break out of the current HTML tag and inject new elements into the output\n\nThis issue arises when untrusted input (such as query parameters or form data) is used as JSX attribute keys during server-side rendering.\n\n## Impact\n\nAn attacker who can control attribute keys used in JSX rendering may inject unintended attributes or HTML elements into the generated output.\n\nThis may lead to:\n\n* Injection of unexpected HTML attributes\n* Corruption of the HTML structure\n* Potential cross-site scripting (XSS) if combined with unsafe usage patterns\n\nThis issue affects applications that pass untrusted input as JSX attribute keys during server-side rendering.",
            "references": [
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-458j-xx4x-4375",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-458j-xx4x-4375"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-458j-xx4x-4375",
                    "reference_id": "GHSA-458j-xx4x-4375",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-458j-xx4x-4375"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/374085?format=api",
                    "purl": "pkg:npm/hono@4.12.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.14"
                }
            ],
            "aliases": [
                "GHSA-458j-xx4x-4375"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy2t-qdtz-d3a1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72792?format=api",
            "vulnerability_id": "VCID-e3g1-j76d-ebes",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse() handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse(), allowing attacker-controlled cookies to override legitimate ones. This vulnerability is fixed in 4.12.12.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39410",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09166",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09222",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39410"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39410",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39410"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0",
                    "reference_id": "cc067c85592415cb1880ad3c61ed923472452ec0",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T15:17:07Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r5rp-j6wh-rvv4",
                    "reference_id": "GHSA-r5rp-j6wh-rvv4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r5rp-j6wh-rvv4"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-r5rp-j6wh-rvv4",
                    "reference_id": "GHSA-r5rp-j6wh-rvv4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T15:17:07Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-r5rp-j6wh-rvv4"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.12.12",
                    "reference_id": "v4.12.12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T15:17:07Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.12.12"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/373301?format=api",
                    "purl": "pkg:npm/hono@4.12.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.12"
                }
            ],
            "aliases": [
                "CVE-2026-39410",
                "GHSA-r5rp-j6wh-rvv4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3g1-j76d-ebes"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67719?format=api",
            "vulnerability_id": "VCID-e479-yqm3-wkg4",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx() or createElement() APIs during server-side rendering, specially crafted values may break out of the intended element context and inject unintended HTML. This vulnerability is fixed in 4.12.16.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44455",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10044",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09994",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44455"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44455",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44455"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-69xw-7hcm-h432",
                    "reference_id": "GHSA-69xw-7hcm-h432",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-69xw-7hcm-h432"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-69xw-7hcm-h432",
                    "reference_id": "GHSA-69xw-7hcm-h432",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:45:57Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-69xw-7hcm-h432"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/375696?format=api",
                    "purl": "pkg:npm/hono@4.12.16",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.16"
                }
            ],
            "aliases": [
                "CVE-2026-44455",
                "GHSA-69xw-7hcm-h432"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e479-yqm3-wkg4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82988?format=api",
            "vulnerability_id": "VCID-ewdf-92st-nkep",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as `Cache-Control: private` or `Cache-Control: no-store`, which may result in private or authenticated responses being cached and subsequently exposed to unauthorized users. Version 4.11.7 has a patch for the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24472",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03765",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03746",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24472"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1",
                    "reference_id": "12c511745b3f1e7a3f863a23ce5f921c7fa805d1",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:35Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24472",
                    "reference_id": "CVE-2026-24472",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24472"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6wqw-2p9w-4vw4",
                    "reference_id": "GHSA-6wqw-2p9w-4vw4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6wqw-2p9w-4vw4"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4",
                    "reference_id": "GHSA-6wqw-2p9w-4vw4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:35Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.11.7",
                    "reference_id": "v4.11.7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:35Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.11.7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38214?format=api",
                    "purl": "pkg:npm/hono@4.11.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.7"
                }
            ],
            "aliases": [
                "CVE-2026-24472",
                "GHSA-6wqw-2p9w-4vw4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewdf-92st-nkep"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82863?format=api",
            "vulnerability_id": "VCID-f57r-9u5c-ebh4",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP addresses that bypass IP-based access controls. Version 4.11.7 contains a patch for the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24398",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0355",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03535",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24398"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24398",
                    "reference_id": "CVE-2026-24398",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24398"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37",
                    "reference_id": "edbf6eea8e6c26a3937518d4ed91d8666edeec37",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:18:50Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r354-f388-2fhh",
                    "reference_id": "GHSA-r354-f388-2fhh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r354-f388-2fhh"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh",
                    "reference_id": "GHSA-r354-f388-2fhh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:18:50Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.11.7",
                    "reference_id": "v4.11.7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:18:50Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.11.7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38214?format=api",
                    "purl": "pkg:npm/hono@4.11.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.7"
                }
            ],
            "aliases": [
                "CVE-2026-24398",
                "GHSA-r354-f388-2fhh"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f57r-9u5c-ebh4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212808?format=api",
            "vulnerability_id": "VCID-hghf-rym3-3ufa",
            "summary": "Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })",
            "references": [
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/ef902257e0beacbb83d2a9549b3b83e03514a6fe",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/ef902257e0beacbb83d2a9549b3b83e03514a6fe"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v8w9-8mx6-g223",
                    "reference_id": "GHSA-v8w9-8mx6-g223",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v8w9-8mx6-g223"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-v8w9-8mx6-g223",
                    "reference_id": "GHSA-v8w9-8mx6-g223",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-v8w9-8mx6-g223"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/40684?format=api",
                    "purl": "pkg:npm/hono@4.12.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.7"
                }
            ],
            "aliases": [
                "GHSA-v8w9-8mx6-g223"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hghf-rym3-3ufa"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67626?format=api",
            "vulnerability_id": "VCID-mfkw-vtvw-bqas",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript execution or HTML attribute breakout. This vulnerability is fixed in 4.12.18.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44458",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13523",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13407",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44458"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44458",
                    "reference_id": "CVE-2026-44458",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44458"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qp7p-654g-cw7p",
                    "reference_id": "GHSA-qp7p-654g-cw7p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qp7p-654g-cw7p"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-qp7p-654g-cw7p",
                    "reference_id": "GHSA-qp7p-654g-cw7p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:00:00Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-qp7p-654g-cw7p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/375796?format=api",
                    "purl": "pkg:npm/hono@4.12.18",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.18"
                }
            ],
            "aliases": [
                "CVE-2026-44458",
                "GHSA-qp7p-654g-cw7p"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfkw-vtvw-bqas"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56362?format=api",
            "vulnerability_id": "VCID-r571-x8es-83a4",
            "summary": "Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48913",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00234",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46657",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00234",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46512",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48913"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/aa50e0ab77b5af8c53c50fe3b271892f8eeeea82",
                    "reference_id": "aa50e0ab77b5af8c53c50fe3b271892f8eeeea82",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:14:46Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/aa50e0ab77b5af8c53c50fe3b271892f8eeeea82"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48913",
                    "reference_id": "CVE-2024-48913",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48913"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2234-fmw7-43wr",
                    "reference_id": "GHSA-2234-fmw7-43wr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2234-fmw7-43wr"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-2234-fmw7-43wr",
                    "reference_id": "GHSA-2234-fmw7-43wr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:14:46Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-2234-fmw7-43wr"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/blob/cebf4e87f3984a6a034e60a43f542b4c5225b668/src/middleware/csrf/index.ts#L76-L89",
                    "reference_id": "index.ts#L76-L89",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:14:46Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/blob/cebf4e87f3984a6a034e60a43f542b4c5225b668/src/middleware/csrf/index.ts#L76-L89"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/33857?format=api",
                    "purl": "pkg:npm/hono@4.6.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-2yns-6tp8-7kbn"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-6vuz-qwz8-h7ba"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-8vd9-z7ze-nqgf"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uuwp-p8jb-akfq"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-xymw-92x9-63fb"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.6.5"
                }
            ],
            "aliases": [
                "CVE-2024-48913",
                "GHSA-2234-fmw7-43wr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r571-x8es-83a4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74076?format=api",
            "vulnerability_id": "VCID-rcau-p84w-3bgs",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29045",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1609",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1595",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29045"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/6a0607a929d888893f0c91d92dce2fcfdb3662a3",
                    "reference_id": "6a0607a929d888893f0c91d92dce2fcfdb3662a3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:39:29Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/6a0607a929d888893f0c91d92dce2fcfdb3662a3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29045",
                    "reference_id": "CVE-2026-29045",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29045"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q5qw-h33p-qvwr",
                    "reference_id": "GHSA-q5qw-h33p-qvwr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q5qw-h33p-qvwr"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-q5qw-h33p-qvwr",
                    "reference_id": "GHSA-q5qw-h33p-qvwr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:39:29Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-q5qw-h33p-qvwr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/40180?format=api",
                    "purl": "pkg:npm/hono@4.12.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.4"
                }
            ],
            "aliases": [
                "CVE-2026-29045",
                "GHSA-q5qw-h33p-qvwr"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rcau-p84w-3bgs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52802?format=api",
            "vulnerability_id": "VCID-rdyz-9auw-qufx",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32869",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01668",
                            "scoring_system": "epss",
                            "scoring_elements": "0.82569",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.01668",
                            "scoring_system": "epss",
                            "scoring_elements": "0.82507",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32869"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65",
                    "reference_id": "92e65fbb6e5e7372650e7690dbd84938432d9e65",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:47:56Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32869",
                    "reference_id": "CVE-2024-32869",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32869"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3mpf-rcc7-5347",
                    "reference_id": "GHSA-3mpf-rcc7-5347",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3mpf-rcc7-5347"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347",
                    "reference_id": "GHSA-3mpf-rcc7-5347",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:47:56Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/30716?format=api",
                    "purl": "pkg:npm/hono@4.2.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-2yns-6tp8-7kbn"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-6vuz-qwz8-h7ba"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-8vd9-z7ze-nqgf"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-af7v-p695-jqgr"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-r571-x8es-83a4"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uuwp-p8jb-akfq"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-xymw-92x9-63fb"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.2.7"
                }
            ],
            "aliases": [
                "CVE-2024-32869",
                "GHSA-3mpf-rcc7-5347"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdyz-9auw-qufx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74128?format=api",
            "vulnerability_id": "VCID-tqjc-xv4n-5yb4",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\\r) or newline (\\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29085",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0006",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19246",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.0006",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19078",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29085"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29085",
                    "reference_id": "CVE-2026-29085",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29085"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/f4123ed9ea3c7c52380cc99a079a4d773838846e",
                    "reference_id": "f4123ed9ea3c7c52380cc99a079a4d773838846e",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/f4123ed9ea3c7c52380cc99a079a4d773838846e"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p6xx-57qc-3wxr",
                    "reference_id": "GHSA-p6xx-57qc-3wxr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-p6xx-57qc-3wxr"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-p6xx-57qc-3wxr",
                    "reference_id": "GHSA-p6xx-57qc-3wxr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-p6xx-57qc-3wxr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/40180?format=api",
                    "purl": "pkg:npm/hono@4.12.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.4"
                }
            ],
            "aliases": [
                "CVE-2026-29085",
                "GHSA-p6xx-57qc-3wxr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqjc-xv4n-5yb4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212325?format=api",
            "vulnerability_id": "VCID-uuwp-p8jb-akfq",
            "summary": "Hono vulnerable to Vary Header Injection leading to potential CORS Bypass",
            "references": [
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/d9b8b4b73b4f997994f2764013207365fe711282",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/d9b8b4b73b4f997994f2764013207365fe711282"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q7jf-gf43-6x6p",
                    "reference_id": "GHSA-q7jf-gf43-6x6p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q7jf-gf43-6x6p"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-q7jf-gf43-6x6p",
                    "reference_id": "GHSA-q7jf-gf43-6x6p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-q7jf-gf43-6x6p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/34750?format=api",
                    "purl": "pkg:npm/hono@4.10.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-8vd9-z7ze-nqgf"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-xymw-92x9-63fb"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.10.3"
                }
            ],
            "aliases": [
                "GHSA-q7jf-gf43-6x6p"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuwp-p8jb-akfq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73180?format=api",
            "vulnerability_id": "VCID-uwfg-jrfw-s7cc",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. This vulnerability is fixed in 4.12.12.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39409",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02368",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02366",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39409"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39409",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39409"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/48fa2233bc092f650119f42df043050737cabf39",
                    "reference_id": "48fa2233bc092f650119f42df043050737cabf39",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:08:52Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/48fa2233bc092f650119f42df043050737cabf39"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xpcf-pg52-r92g",
                    "reference_id": "GHSA-xpcf-pg52-r92g",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xpcf-pg52-r92g"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-xpcf-pg52-r92g",
                    "reference_id": "GHSA-xpcf-pg52-r92g",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:08:52Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-xpcf-pg52-r92g"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.12.12",
                    "reference_id": "v4.12.12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:08:52Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.12.12"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/373301?format=api",
                    "purl": "pkg:npm/hono@4.12.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.12"
                }
            ],
            "aliases": [
                "CVE-2026-39409",
                "GHSA-xpcf-pg52-r92g"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwfg-jrfw-s7cc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82563?format=api",
            "vulnerability_id": "VCID-wm8v-yjdh-ubfu",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Improper validation of user-controlled paths can result in unintended access to internal asset keys. Version 4.11.7 contains a patch for the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24473",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03765",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03746",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24473"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817",
                    "reference_id": "cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:20Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24473",
                    "reference_id": "CVE-2026-24473",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24473"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w332-q679-j88p",
                    "reference_id": "GHSA-w332-q679-j88p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-w332-q679-j88p"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-w332-q679-j88p",
                    "reference_id": "GHSA-w332-q679-j88p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:20Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-w332-q679-j88p"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/releases/tag/v4.11.7",
                    "reference_id": "v4.11.7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:36:20Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/releases/tag/v4.11.7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38214?format=api",
                    "purl": "pkg:npm/hono@4.11.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.7"
                }
            ],
            "aliases": [
                "CVE-2026-24473",
                "GHSA-w332-q679-j88p"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8v-yjdh-ubfu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83774?format=api",
            "vulnerability_id": "VCID-xymw-92x9-63fb",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. The JWK/JWKS JWT verification middleware has been updated to require an explicit allowlist of asymmetric algorithms when verifying tokens. The middleware no longer derives the verification algorithm from untrusted JWT header values. This vulnerability is fixed in 4.11.4.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22818",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05678",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05888",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22818"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/commit/190f6e28e2ca85ce3d1f2f54db1310f5f3eab134",
                    "reference_id": "190f6e28e2ca85ce3d1f2f54db1310f5f3eab134",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:29:32Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/commit/190f6e28e2ca85ce3d1f2f54db1310f5f3eab134"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22818",
                    "reference_id": "CVE-2026-22818",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22818"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3vhc-576x-3qv4",
                    "reference_id": "GHSA-3vhc-576x-3qv4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3vhc-576x-3qv4"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-3vhc-576x-3qv4",
                    "reference_id": "GHSA-3vhc-576x-3qv4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:29:32Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-3vhc-576x-3qv4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/37718?format=api",
                    "purl": "pkg:npm/hono@4.11.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1mzm-bnvy-1ugp"
                        },
                        {
                            "vulnerability": "VCID-36hs-1ykr-xbcs"
                        },
                        {
                            "vulnerability": "VCID-3d6m-3rha-dkc2"
                        },
                        {
                            "vulnerability": "VCID-7xab-d7wk-83c5"
                        },
                        {
                            "vulnerability": "VCID-8dsh-qx5a-mkgz"
                        },
                        {
                            "vulnerability": "VCID-9xtz-up2w-mqdh"
                        },
                        {
                            "vulnerability": "VCID-ajhs-ueyw-pfbz"
                        },
                        {
                            "vulnerability": "VCID-dy2t-qdtz-d3a1"
                        },
                        {
                            "vulnerability": "VCID-e3g1-j76d-ebes"
                        },
                        {
                            "vulnerability": "VCID-e479-yqm3-wkg4"
                        },
                        {
                            "vulnerability": "VCID-ewdf-92st-nkep"
                        },
                        {
                            "vulnerability": "VCID-f57r-9u5c-ebh4"
                        },
                        {
                            "vulnerability": "VCID-hghf-rym3-3ufa"
                        },
                        {
                            "vulnerability": "VCID-mfkw-vtvw-bqas"
                        },
                        {
                            "vulnerability": "VCID-q2gc-djt2-a3e9"
                        },
                        {
                            "vulnerability": "VCID-rcau-p84w-3bgs"
                        },
                        {
                            "vulnerability": "VCID-tqjc-xv4n-5yb4"
                        },
                        {
                            "vulnerability": "VCID-uwfg-jrfw-s7cc"
                        },
                        {
                            "vulnerability": "VCID-wm8v-yjdh-ubfu"
                        },
                        {
                            "vulnerability": "VCID-zf4g-8fjt-qke8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.11.4"
                }
            ],
            "aliases": [
                "CVE-2026-22818",
                "GHSA-3vhc-576x-3qv4"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xymw-92x9-63fb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67696?format=api",
            "vulnerability_id": "VCID-zf4g-8fjt-qke8",
            "summary": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. This vulnerability is fixed in 4.12.18.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44457",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11837",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11751",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44457"
                },
                {
                    "reference_url": "https://github.com/honojs/hono",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/honojs/hono"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44457",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44457"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p77w-8qqv-26rm",
                    "reference_id": "GHSA-p77w-8qqv-26rm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-p77w-8qqv-26rm"
                },
                {
                    "reference_url": "https://github.com/honojs/hono/security/advisories/GHSA-p77w-8qqv-26rm",
                    "reference_id": "GHSA-p77w-8qqv-26rm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T14:06:33Z/"
                        }
                    ],
                    "url": "https://github.com/honojs/hono/security/advisories/GHSA-p77w-8qqv-26rm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/375796?format=api",
                    "purl": "pkg:npm/hono@4.12.18",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@4.12.18"
                }
            ],
            "aliases": [
                "CVE-2026-44457",
                "GHSA-p77w-8qqv-26rm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zf4g-8fjt-qke8"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.0",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/hono@0.0.14"
}

Package Instance