9 matches found
CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...
sharp security vulnerability
sharp is a program by individual developer lovell for converting large images in common formats to smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of different sizes. A security vulnerability exists in sharp v9.6.6, which originates in src/Form/Fields/SharpFormUploadField.php and is susceptible to...
CVE-2025-61457
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php...
ImageSharp security vulnerability
ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API from ImageSharp, Inc. A security vulnerability exists in ImageSharp versions prior to v3.1.4 and prior to v2.1.8, which stems from a heap use-after-free flaw found in ImageSharp's JPEG and TGA decoders, which i...
10secondsofcode-custom (=1.0.0), 10up-toolkit (>=4.2.0 <=5.0.0) +5507 more potentially affected by unknown CVE via sharp (>=0.10.1 <=0.32.5)
sharp NPM version =0.10.1, =4.2.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.2, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-54XQ-CGQR-RPM3...
GHSA-54XQ-CGQR-RPM3 sharp vulnerability in libwebp dependency CVE-2023-4863
Overview sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...
10secondsofcode-custom (=1.0.0), 11ty-dither (>=0.0.1 <=0.0.8) +4020 more potentially affected by CVE-2022-29256 via sharp (>=0.10.1 <=0.30.4)
sharp NPM version =0.10.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =0.16.0, =0.1.0, =1.0.1-beta.1 and more Source cves: CVE-2022-29256 Source advisory: OSV:GHSA-GP95-PPV5-3JC5...
GHSA-GP95-PPV5-3JC5 sharp vulnerable to Command Injection in post-installation over build environment
There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...
sharp operating system command injection vulnerability
sharp is a program by the individual developers at lovell for converting large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF and AVIF images of different sizes. An operating system command injection vulnerability exists in versions prior to sharp 0.30.5. An attacker can...