CVE-2026-2969

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

GHSA-Q5XX-FXV3-XXQF datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

CVE-2026-2969

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

CVE-2026-2969 datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

CVE-2025-65106

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...

Template Injection

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to...

GHSA-5CHR-FJJV-38QV langchain-core allows unauthorized users to read arbitrary files from the host file system

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...