diff --git a/src/shared/roles.guard.ts b/src/shared/roles.guard.ts
index ae5c05fcfdb1d1a812d079de7e43cdb3c237b59a..359a42d8165ee7d579078c300eded626b760df8b 100644
--- a/src/shared/roles.guard.ts
+++ b/src/shared/roles.guard.ts
@@ -9,6 +9,7 @@ import { Reflector } from '@nestjs/core';
 import * as jwt from 'jsonwebtoken';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
+import { Validator } from 'class-validator';
 import { Game_PersonEntity } from '../game/game.entity';
@@ -32,6 +33,12 @@ export class RolesGuard implements CanActivate {
 return false;
 }
 const gameId = request.params.id;
+ // create a valifator
+ const validator = new Validator();
+ // verify UUID
+ if (!validator.isUUID(gameId)) {
+ throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
+ }
 request.user = await this.getUserObject(request.headers.authorization);
 const role = await this.game_PersonRepository.findOne({
 where: { person: request.user['id'], game: gameId },
diff --git a/src/shared/states.guard.ts b/src/shared/states.guard.ts
index 9e85e94e40f92ed6b016e451c592a3025a684cad..961b93619883e3c55be3ab5e54fdc92e65f27e74 100644
--- a/src/shared/states.guard.ts
+++ b/src/shared/states.guard.ts
@@ -8,6 +8,7 @@ import {
 import { Reflector } from '@nestjs/core';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
+import { Validator } from 'class-validator';
 import { GameEntity } from '../game/game.entity';
@@ -29,6 +30,12 @@ export class StatesGuard implements CanActivate {
 }
 const request = context.switchToHttp().getRequest();
 const gameId = request.params.id;
+ // create a valifator
+ const validator = new Validator();
+ // verify UUID
+ if (!validator.isUUID(gameId)) {
+ throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
+ }
 const gameRef = await this.gameRepository.findOne({
 id: gameId,
 });
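Review bot: The UUID check added to `RolesGuard` builds a `new Validator()` on every request just to call one method, and the same six lines are repeated in the `StatesGuard` hunk of src/shared/states.guard.ts. class-validator exports `isUUID` as a standalone function, and I believe later releases removed the validation methods from the `Validator` class, so `import { isUUID } from 'class-validator';` with `if (!isUUID(gameId)) {` is the more durable form; a small shared helper would keep both guards in step. The comment `// create a valifator` is misspelled and restates the code; something like `// reject malformed ids before they reach the repository query` would say why the check is there. The guard method begins and ends outside this hunk.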
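Review bot: The rejection added to `StatesGuard` pairs the message 'Game not found' with `HttpStatus.BAD_REQUEST`, so a malformed id is reported as "not found" under a 400 status; the `RolesGuard` hunk has the same pairing. Either name the actual problem, `throw new HttpException('Invalid game id', HttpStatus.BAD_REQUEST);`, or, if malformed and unknown ids are meant to look the same to the client, use `HttpStatus.NOT_FOUND` and confirm the `findOne` miss path below responds identically. `HttpException` and `HttpStatus` also need to be in the '@nestjs/common' import, which lies outside the visible hunks and cannot be checked from here. The method continues past the end of the hunk.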