A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.
"https://github.com/pypa/advisory-database/blob/main/vulns/spacy-llm/PYSEC-2026-1934.yaml"