diff --git a/app/controllers/api/avatars.php b/app/controllers/api/avatars.php
index 5083142a7e..b0eaddd742 100644
--- a/app/controllers/api/avatars.php
+++ b/app/controllers/api/avatars.php
@@ -401,6 +401,7 @@ App::get('/v1/avatars/favicon')
 switch ($ext) {
 case 'svg':
+ // SVG icons are prioritized by assigning the maximum possible value.
 $space = PHP_INT_MAX;
 $outputHref = $absolute;
 $outputExt = $ext;
@@ -457,7 +458,11 @@ App::get('/v1/avatars/favicon')
 $data = $res->getBody();
 if ('ico' == $outputExt) { // Skip crop, Imagick isn\'t supporting icon files
- if (empty($data) || str_starts_with($data, 'sanitize($data);
+ if ($cleanSvg === false) {
+ throw new \Exception('SVG sanitization failed');
+ }
 $response
 ->addHeader('Cache-Control', 'private, max-age=2592000') // 30 days
 ->setContentType('image/svg+xml')
diff --git a/composer.json b/composer.json
index 31a31af9f2..73cdcc3d86 100644
--- a/composer.json
+++ b/composer.json
@@ -82,7 +82,8 @@
 "adhocore/jwt": "1.1.*",
 "spomky-labs/otphp": "^10.0",
 "webonyx/graphql-php": "14.11.*",
- "league/csv": "9.14.*"
+ "league/csv": "9.14.*",
+ "enshrined/svg-sanitize": "0.21.*"
 },
 "require-dev": {
 "ext-fileinfo": "*",
diff --git a/composer.lock b/composer.lock
index da084c8fcd..aafe1d216c 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "edbe5912c45e1f467f398541a75a77de",
+ "content-hash": "7b2ef6192403daf5c492219822ce0aa1",
 "packages": [
 {
 "name": "adhocore/jwt",
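Review bot: A `false` from `sanitize()` in the second hunk means the upstream body was not parseable XML, which is bad remote content rather than a server fault, yet the new branch raises a bare `\Exception('SVG sanitization failed')` that this controller presumably surfaces as a generic 500 where the removed `empty($data) || str_starts_with(...)` guard fed a typed, client-facing error; throw the project's typed exception with a client error code there instead. Because the input is fetched from an arbitrary third-party host, also call `$sanitizer->removeRemoteReferences(true);` before `$sanitizer->sanitize($data)` so the served SVG cannot reference resources on other origins, which the sanitizer does not strip unless asked. Confirm that the later `->file(...)` call emits `$cleanSvg` rather than the raw `$data`, and that a `use enshrined\svgSanitize\Sanitizer;` import exists, since neither is visible in the hunk and part of the removed/added text appears garbled here. The enclosing route closure starts and ends outside the hunk.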
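Review bot: The new `enshrined/svg-sanitize` requirement is licensed `GPL-2.0-or-later` according to its composer.lock entry added in this commit, so the licence-compatibility of a copyleft runtime dependency with this project's own licence should be checked deliberately before merge rather than assumed from the surrounding permissive packages. The `0.21.*` constraint follows the style of the neighbouring entries and the lock pins `0.21.0`, so patch releases of the sanitizer are only taken in by an explicit `composer update`; consider noting in the PR description that bumping it requires re-checking the sanitizer's allow-list behaviour against the favicon path.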
@@ -69,16 +69,16 @@ }, { "name": "appwrite/appwrite", - "version": "15.0.0", + "version": "15.1.0", "source": { "type": "git", "url": "https://github.com/appwrite/sdk-for-php.git", - "reference": "deb97b62e0abed8a4fd5c5d48e77365cf89867cf" + "reference": "c438b3885071ac7c0329199dce5e6f6a24dd215b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/sdk-for-php/zipball/deb97b62e0abed8a4fd5c5d48e77365cf89867cf", - "reference": "deb97b62e0abed8a4fd5c5d48e77365cf89867cf", + "url": "https://api.github.com/repos/appwrite/sdk-for-php/zipball/c438b3885071ac7c0329199dce5e6f6a24dd215b", + "reference": "c438b3885071ac7c0329199dce5e6f6a24dd215b", "shasum": "" }, "require": { @@ -104,10 +104,10 @@ "support": { "email": "team@appwrite.io", "issues": "https://github.com/appwrite/sdk-for-php/issues", - "source": "https://github.com/appwrite/sdk-for-php/tree/15.0.0", + "source": "https://github.com/appwrite/sdk-for-php/tree/15.1.0", "url": "https://appwrite.io/support" }, - "time": "2025-05-18T09:47:10+00:00" + "time": "2025-08-01T04:50:51+00:00" }, { "name": "appwrite/php-clamav", 
@@ -628,6 +628,51 @@ ], "time": "2023-08-10T19:36:49+00:00" }, + { + "name": "enshrined/svg-sanitize", + "version": "0.21.0", + "source": { + "type": "git", + "url": "https://github.com/darylldoyle/svg-sanitizer.git", + "reference": "5e477468fac5c5ce933dce53af3e8e4e58dcccc9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/5e477468fac5c5ce933dce53af3e8e4e58dcccc9", + "reference": "5e477468fac5c5ce933dce53af3e8e4e58dcccc9", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "ext-libxml": "*", + "php": "^7.1 || ^8.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.5 || ^8.5" + }, + "type": "library", + "autoload": { + "psr-4": { + "enshrined\\svgSanitize\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "GPL-2.0-or-later" + ], + "authors": [ + { + "name": "Daryll Doyle", + "email": "daryll@enshrined.co.uk" + } + ], + "description": "An SVG sanitizer for PHP", + "support": { + "issues": "https://github.com/darylldoyle/svg-sanitizer/issues", + "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.21.0" + }, + "time": "2025-01-13T09:32:25+00:00" + }, { "name": "giggsey/libphonenumber-for-php-lite", "version": "8.13.36", @@ -4814,16 +4859,16 @@ "packages-dev": [ { "name": "appwrite/sdk-generator", - "version": "0.41.27", + "version": "0.41.28", "source": { "type": "git", "url": "https://github.com/appwrite/sdk-generator.git", - "reference": "083fd2e8163d6a4e59ee971ac6cb97277d831dd5" + "reference": "8eace11070264c62c8da3c69498fb8dc98fcfaf7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/083fd2e8163d6a4e59ee971ac6cb97277d831dd5", - "reference": "083fd2e8163d6a4e59ee971ac6cb97277d831dd5", + "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/8eace11070264c62c8da3c69498fb8dc98fcfaf7", + "reference": "8eace11070264c62c8da3c69498fb8dc98fcfaf7", "shasum": "" }, "require": { 
@@ -4859,9 +4904,9 @@ "description": "Appwrite PHP library for generating API SDKs for multiple programming languages and platforms", "support": { "issues": "https://github.com/appwrite/sdk-generator/issues", - "source": "https://github.com/appwrite/sdk-generator/tree/0.41.27" + "source": "https://github.com/appwrite/sdk-generator/tree/0.41.28" }, - "time": "2025-07-31T10:20:46+00:00" + "time": "2025-08-01T11:06:30+00:00" }, { "name": "doctrine/annotations", @@ -5280,16 +5325,16 @@ }, { "name": "myclabs/deep-copy", - "version": "1.13.3", + "version": "1.13.4", "source": { "type": "git", "url": "https://github.com/myclabs/DeepCopy.git", - "reference": "faed855a7b5f4d4637717c2b3863e277116beb36" + "reference": "07d290f0c47959fd5eed98c95ee5602db07e0b6a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/faed855a7b5f4d4637717c2b3863e277116beb36", - "reference": "faed855a7b5f4d4637717c2b3863e277116beb36", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/07d290f0c47959fd5eed98c95ee5602db07e0b6a", + "reference": "07d290f0c47959fd5eed98c95ee5602db07e0b6a", "shasum": "" }, "require": { @@ -5328,7 +5373,7 @@ ], "support": { "issues": "https://github.com/myclabs/DeepCopy/issues", - "source": "https://github.com/myclabs/DeepCopy/tree/1.13.3" + "source": "https://github.com/myclabs/DeepCopy/tree/1.13.4" }, "funding": [ { @@ -5336,7 +5381,7 @@ "type": "tidelift" } ], - "time": "2025-07-05T12:25:42+00:00" + "time": "2025-08-01T08:46:24+00:00" }, { "name": "nikic/php-parser",