diff --git a/multipart-async-std/Cargo.toml b/multipart-async-std/Cargo.toml
index 10d543cd..7f8aa5b4 100644
--- a/multipart-async-std/Cargo.toml
+++ b/multipart-async-std/Cargo.toml
@@ -15,3 +15,4 @@ actix-multipart = "0.2.0"
 actix-web = "2.0.0"
 actix-rt = "1.0.0"
 async-std = "1.4.0"
+sanitize-filename = "0.2"
diff --git a/multipart-async-std/src/main.rs b/multipart-async-std/src/main.rs
index 9e42f54b..ea8f2945 100644
--- a/multipart-async-std/src/main.rs
+++ b/multipart-async-std/src/main.rs
@@ -12,7 +12,7 @@ async fn save_file(mut payload: Multipart) -> Result {
 let filename = content_type
 .get_filename()
 .ok_or_else(|| actix_web::error::ParseError::Incomplete)?;
- let filepath = format!("./tmp/{}", filename);
+ let filepath = format!("./tmp/{}", sanitize_filename::sanitize(&filename));
 let mut f = async_std::fs::File::create(filepath).await?;
 
 // Field in turn is stream of *Bytes* object
diff --git a/multipart-s3/Cargo.toml b/multipart-s3/Cargo.toml
index 533081a0..b2d76f57 100644
--- a/multipart-s3/Cargo.toml
+++ b/multipart-s3/Cargo.toml
@@ -17,3 +17,4 @@ bytes = { version = "0.5", features = ["serde"] }
 serde = { version = "1.0.104", features = ["derive"] }
 serde_json = "1.0"
 dotenv = "0.15.0"
+sanitize-filename = "0.2"
diff --git a/multipart-s3/src/utils/upload.rs b/multipart-s3/src/utils/upload.rs
index 8bd756f6..e93db21d 100644
--- a/multipart-s3/src/utils/upload.rs
+++ b/multipart-s3/src/utils/upload.rs
@@ -78,7 +78,7 @@ pub async fn split_payload(payload: &mut Multipart) -> (bytes::Bytes, Vec {
- let tmp_file = Tmpfile::new(filename);
+ let tmp_file = Tmpfile::new(&sanitize_filename::sanitize(&filename));
 let tmp_path = tmp_file.tmp_path.clone();
 let mut f = web::block(move || std::fs::File::create(&tmp_path))
 .await
diff --git a/multipart/Cargo.toml b/multipart/Cargo.toml
index f574bc5d..feaf3d01 100644
--- a/multipart/Cargo.toml
+++ b/multipart/Cargo.toml
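Review bot: The new `filepath` line in the async-std `save_file` hunk uses the sanitized name without checking that anything is left of it; as far as I recall sanitize-filename 0.2 maps reserved names such as `..` (and names made only of stripped characters) to an empty string, so the path collapses to `./tmp/` and `File::create` fails with an opaque I/O error instead of a clear client error. The same gap is in the `multipart-s3/src/utils/upload.rs` hunk (`Tmpfile::new(&sanitize_filename::sanitize(&filename))`) and in the `multipart/src/main.rs` hunk. I would bind the sanitized name first and reject the empty case, reusing the error the hunk already maps for a missing filename: `let filename = sanitize_filename::sanitize(filename); if filename.is_empty() { return Err(actix_web::error::ParseError::Incomplete.into()); }`. Sanitizing also does not make the name unique — two uploads whose names differ only in stripped characters land on the same `./tmp/<name>` and `File::create` truncates the earlier one — so if these files outlive the request a server-generated name, keeping the sanitized client name only as metadata, is the safer layout. `save_file` and `split_payload` both continue outside their hunks; the extra borrow in `&filename` also looks unnecessary since `get_filename()` appears to yield `&str` already.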
@@ -14,3 +14,4 @@ actix-multipart = "0.2.0"
 actix-rt = "1.0.0"
 actix-web = "2.0.0"
 futures = "0.3.1"
+sanitize-filename = "0.2"
diff --git a/multipart/src/main.rs b/multipart/src/main.rs
index 9d604abf..0930a102 100644
--- a/multipart/src/main.rs
+++ b/multipart/src/main.rs
@@ -9,7 +9,7 @@ async fn save_file(mut payload: Multipart) -> Result {
 while let Ok(Some(mut field)) = payload.try_next().await {
 let content_type = field.content_disposition().unwrap();
 let filename = content_type.get_filename().unwrap();
- let filepath = format!("./tmp/{}", filename);
+ let filepath = format!("./tmp/{}", sanitize_filename::sanitize(&filename));
 // File::create is blocking operation, use threadpool
 let mut f = web::block(|| std::fs::File::create(filepath))
 .await