Security

.github/SECURITY.md

Security Policy

Supported Versions

The latest version of sharp as published to npm and reported by npm view sharp dist-tags.latest is supported with security updates.

Reporting a Vulnerability

Please use e-mail to report a vulnerability.

You can expect a response within 48 hours if you are a human reporting a genuine issue.

Thank you in advance.

Vulnerability in libwebp dependency CVE-2023-4863
GHSA-54xq-cgqr-rpm3 published Nov 16, 2023 by lovell

High
Possible vulnerability at 'npm install' time if an attacker has control over build environment
GHSA-gp95-ppv5-3jc5 published May 25, 2022 by lovell

Moderate

Learn more about advisories related to lovell/sharp in the GitHub Advisory Database