code16/sharp Security Advisories for v9.16.0 (3)
-
[HIGH] Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
PKSA-h9kt-ss6k-xq4z CVE-2026-44692 GHSA-748w-hm6r-qc7v
Affected version: <9.22.0
Reported by:
GitHub -
[HIGH] Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil
PKSA-48kw-4xx3-wpfb CVE-2026-33686 GHSA-9ffq-6457-8958
Affected version: <9.20.0
Reported by:
GitHub -
[HIGH] Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
PKSA-74vs-2hzw-xc7y CVE-2026-33687 GHSA-fr76-5637-w3g9
Affected version: <9.20.0
Reported by:
GitHub