Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2025-65106

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Published: Nov 20, 2025
Updated: Dec 29, 2025
CVE: CVE-2025-65106
GHSA: GHSA-6qv9-48xg-fc7f
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-1336

Affected Software
References

Software	From	Fixed in
langchain-core	1.0.0	1.0.7
langchain-core	-	0.3.80

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo