12 matches found
EUVD-2025-28744
Malicious code in bioql PyPI...
Template Injection
PySpur is vulnerable to Template Injection. The vulnerability is due to improper neutralization of special elements due to unsafe handling of the usermessage argument in the SingleLLMCallNode function of the Jinja2 Template Handler component...
CVE-2025-6518
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
GHSA-8GFF-CF92-72PV pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
Improper Neutralization of Special Elements Used in a Template Engine
Overview pyspur is a PySpur is a Graph UI for building AI Agents in Python Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the SingleLLMCallNode function. An attacker can execute unauthorized template code and potential...
CVE-2025-6518
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2025-6518 PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2025-6518 PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2025-6518 PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2025-6518
CVE-2025-6518 affects PySpur-Dev pyspur up to 0.1.18. The vulnerability is in the SingleLLMCallNode function (backend/pyspur/nodes/llm/single_llm_call.py) of the Jinja2 Template Handler, where improper neutralization of special elements in user_message enables remote exploitation. The exploit sta...
PT-2025-26638
Name of the Vulnerable Software and Affected Versions: PySpur-Dev pyspur versions up to 0.1.18 Description: A critical issue was found in the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single llm call.py of the component Jinja2 Template Handler. The manipulation of the argume...
PySpur 安全漏洞
PySpur is a visual playground for agent workflows in PySpur open source: iterate through agents 10x faster. A security vulnerability exists in PySpur 0.1.18 and earlier versions, which stems from improper neutralization of special elements of the template engine due to incorrect manipulation of t...