GHSA-9FFQ-6457-8958 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Summary A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-59343 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

MAL-2024-9841 Malicious code in sharp-libvips-linux-x64 (npm)

--- -= Per source details. Do not edit below this line.=-...