diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35e9f3c..4800c40 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,6 @@
 cmake_minimum_required (VERSION 3.2)
 project(libravatarserv
- VERSION 0.6.4
+ VERSION 0.6.5
 LANGUAGES CXX
 )
diff --git a/src/hash.cpp b/src/hash.cpp
index 5efd37e..a7e3fa9 100644
--- a/src/hash.cpp
+++ b/src/hash.cpp
@@ -69,3 +69,31 @@ bool hash::fill_table()
 }
 return true;
 }
+
+bool hash::is_valid(const string &digest)
+{
+ if (digest.length() != 64 && digest.length() != 32)
+ {
+ return false;
+ }
+ if (std::any_of(digest.begin(), digest.end(), not_hex))
+ {
+ return false;
+ }
+
+ return true;
+}
+
+bool hash::not_hex(const char &c)
+{
+ if (c >= 0x61 && c <= 0x66)
+ { // a-f
+ return false;
+ }
+ if (c >= 0x30 && c <= 0x39)
+ { // 0-9
+ return false;
+ }
+
+ return true;
+}
diff --git a/src/libravatarserv.cpp b/src/libravatarserv.cpp
index f6c1f0a..53d3d61 100644
--- a/src/libravatarserv.cpp
+++ b/src/libravatarserv.cpp
@@ -45,6 +45,12 @@ int main()
 return 1;
 }
 http::Request avatar = http::parse_request(request);
+ if (!hash::is_valid(avatar.digest))
+ {
+ cout << "Status: 400 Bad Request\n\n";
+ cerr << "Error: Hash is invalid\n";
+ return 1;
+ }
 if (!find_avatar_dir())
 {
diff --git a/src/libravatarserv.hpp b/src/libravatarserv.hpp
index c6e832a..882fc1b 100644
--- a/src/libravatarserv.hpp
+++ b/src/libravatarserv.hpp
@@ -71,6 +71,8 @@ namespace hash // hash.cpp
 const string md5(const string &text);
 const string sha256(const string &text);
 bool fill_table();
+ bool is_valid(const string &digest);
+ bool not_hex(const char &c);
 }
 namespace image // image.cpp
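Review bot: `hash::not_hex` accepts only lower-case `a-f`, so a digest sent in upper-case hex is answered with 400 unless `http::parse_request` has already lower-cased it, which this diff does not show. If the strictness is intended, state it in a comment above `is_valid`, e.g. `// Accepts exactly 32 (MD5) or 64 (SHA-256) lower-case hex characters.`; otherwise lower-case the digest before the check rather than widening the accepted set. The numeric ranges read more clearly as character literals, `if (c >= 'a' && c <= 'f')` and `if (c >= '0' && c <= '9')`. `std::any_of` needs `<algorithm>`, and no include is visible in this hunk.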
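Review bot: The new guard in `main()` carries no comment saying why the digest is checked at this point, before `find_avatar_dir()` and any later lookup. A one-line comment such as `// Reject anything that is not a plain hex digest before it is used to locate an avatar.` would record the intent; how `avatar.digest` is used afterwards is outside this hunk, so adjust the wording to what the lookup actually does. The 400 branch logs a fixed message and does not echo the rejected value to stderr, which is worth keeping, since the value is untrusted request data. `main()` starts and ends outside the hunk.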
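Review bot: `not_hex` is declared in the shared header although the only caller visible in this diff is `hash::is_valid`, so the helper becomes part of the `hash` namespace's public surface. Consider leaving it out of `libravatarserv.hpp` and defining it in an anonymous namespace in `hash.cpp` ahead of `is_valid`. Taking the character by value, `bool not_hex(char c);`, is the usual form for a one-byte argument. The `hash` namespace opens before the hunk.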