code16/sharp
Packagist5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting code16/sharppage 1 of 1
- CVE-2025-61457MEDIUMCVSS 6.1EG 6.1✓ Fixed in 9.7.02025-10-21
vulnerable: 7.0.0-alpha.1 ... v9.6.6 (279 versions)
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.
- CVE-2025-62798MEDIUMCVSS 5.4EG 5.4✓ Fixed in 9.11.12025-10-28
vulnerable: 7.0.0-alpha.1 ... v9.9.0 (290 versions)
Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected v…
- CVE-2026-33687HIGHCVSS 8.8EG 8.8✓ Fixed in 9.20.02026-03-26
vulnerable: 7.0.0-alpha.1 ... v9.9.0 (310 versions)
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint …
- CVE-2026-44692HIGHCVSS 7.7EG 7.7✓ Fixed in 9.22.02026-05-15
vulnerable: 7.0.0-alpha.1 ... v9.9.0 (314 versions)
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage…
- CVE-2026-53634MEDIUMCVSS 4.3EG 4.3✓ Fixed in 9.22.32026-06-10
vulnerable: v9.0.0 ... v9.9.0 (80 versions)
Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authentic…
Check whether code16/sharp is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for code16/sharp CVEs against the assets you own.
Start Free Scan →