bootstrap
npm | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bootstrap
- CVE-2016-10735 | MEDIUM | CVSS 6.1 | ✓ Fixed in 4.0.0-beta.2 | 2019-01-09
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
- CVE-2018-14040 | MEDIUM | CVSS 6.1 | ✓ Fixed in 3.4.0 | 2018-07-13
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
- CVE-2018-14041 | MEDIUM | CVSS 6.1 | ✓ Fixed in 4.1.2 | 2018-07-13
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
- CVE-2018-14042 | MEDIUM | CVSS 6.1 | ✓ Fixed in 3.4.0 | 2018-07-13
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
- CVE-2018-20676 | MEDIUM | CVSS 6.1 | ✓ Fixed in 3.4.0 | 2019-01-09
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
- CVE-2018-20677 | MEDIUM | CVSS 6.1 | ✓ Fixed in 3.4.0 | 2019-01-09
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
- CVE-2019-8331 | MEDIUM | CVSS 6.1 | ✓ Fixed in 3.4.1 | 2019-02-20
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
- CVE-2024-6485 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-07-11
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploi…
- CVE-2025-1647 | MEDIUM | CVSS 5.6 | EG 5.6 | 2025-05-15
vulnerable: 3.4.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0.