[GHSA-cpg4-p69m-3fq5] A vulnerability in the file upload at bookmark + asset...

[dxx33]

Updates

• Affected products
• CVSS v4
• Description
• References
• Source code location
• Summary

Comments
Vulnerability Breakdown: https://github.com/dxx33/Vulnerability-Research/blob/main/CVE-2025-14202/README.md
Fix (patched version): https://github.com/sissbruecker/linkding/releases/tag/v1.44.2

[JonathanLEvans]

Hi @dxx33,

I am unable to find linkding in a supported ecosystems. Could you provide a link to where you found it in the registry?

[dxx33]

Hi @JonathanLEvans,

Thanks for reaching out.

As far as I’m aware, linkding is a Python-based, self-hosted web application. This is the official project repository:
https://github.com/sissbruecker/linkding/tree/master

I’m not the maintainer of the project.

My intention with this request was to update the References section to include my vulnerability documentation URL:
https://github.com/dxx33/Vulnerability-Research/blob/main/CVE-2025-14202/README.md

and wanted to update the Summary to include proper researcher attribution:
“Researcher: Deema Alfehaid”, as I was the one who identified the vulnerability.

Thanks and let me know if any support needed.

[JonathanLEvans]

Hi @dxx33,

We are restricted to reviewing only advisories that affect packages in one of our supported ecosystems so I am unable to complete your request.

However, CVE-2025-14202 was assigned by the Gridware CNA. They may be able to help you get the reference added to the CVE record.