Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/bootstrap@3.4.0
Typenuget
Namespace
Namebootstrap
Version3.4.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.0.0-beta.2
Latest_non_vulnerable_version4.3.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-18n3-ps2w-3fdm
vulnerability_id VCID-18n3-ps2w-3fdm
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:1076
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:1076
1
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:1570
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3023
4
reference_url https://access.redhat.com/errata/RHSA-2020:0132
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0132
5
reference_url https://access.redhat.com/errata/RHSA-2020:0133
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0133
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10735
reference_id
reference_type
scores
0
value 0.05476
scoring_system epss
scoring_elements 0.90346
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10735
7
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
8
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
9
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
10
reference_url https://github.com/github/advisory-database/pull/3281
reference_id
reference_type
scores
url https://github.com/github/advisory-database/pull/3281
11
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap
12
reference_url https://github.com/twbs/bootstrap/issues/20184
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/20184
13
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
14
reference_url https://github.com/twbs/bootstrap/pull/23679
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/23679
15
reference_url https://github.com/twbs/bootstrap/pull/23687
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/23687
16
reference_url https://github.com/twbs/bootstrap/pull/26460
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/26460
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10735
reference_id CVE-2016-10735
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-10735
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml
reference_id CVE-2016-10735.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml
reference_id CVE-2016-10735.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml
20
reference_url https://github.com/advisories/GHSA-4p24-vmcr-4gqj
reference_id GHSA-4p24-vmcr-4gqj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p24-vmcr-4gqj
fixed_packages
0
url pkg:nuget/bootstrap@3.4.0
purl pkg:nuget/bootstrap@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.0
1
url pkg:nuget/bootstrap@4.0.0-beta.2
purl pkg:nuget/bootstrap@4.0.0-beta.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@4.0.0-beta.2
aliases CVE-2016-10735, GHSA-4p24-vmcr-4gqj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18n3-ps2w-3fdm
1
url VCID-3h7c-7tz9-mqeq
vulnerability_id VCID-3h7c-7tz9-mqeq
summary 
Cross-site Scripting
In Bootstrap, XSS is possible in the collapse data-parent attribute.
references
0
reference_url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
1
reference_url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14040
reference_id
reference_type
scores
0
value 0.01926
scoring_system epss
scoring_elements 0.83677
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14040
3
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
4
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
5
reference_url http://seclists.org/fulldisclosure/2019/May/10
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2019/May/10
6
reference_url http://seclists.org/fulldisclosure/2019/May/11
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2019/May/11
7
reference_url http://seclists.org/fulldisclosure/2019/May/13
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2019/May/13
8
reference_url https://github.com/twbs/bootstrap/blob/v3.4.1/js/collapse.js#L140
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/blob/v3.4.1/js/collapse.js#L140
9
reference_url https://github.com/twbs/bootstrap/blob/v3.4.1/js/scrollspy.js#L56
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/blob/v3.4.1/js/scrollspy.js#L56
10
reference_url https://github.com/twbs/bootstrap/blob/v3.4.1/js/tooltip.js#L352
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/blob/v3.4.1/js/tooltip.js#L352
11
reference_url https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
12
reference_url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
13
reference_url https://github.com/twbs/bootstrap/issues/26423
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26423
14
reference_url https://github.com/twbs/bootstrap/issues/26625
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26625
15
reference_url https://github.com/twbs/bootstrap/pull/26630
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/26630
16
reference_url https://github.com/twbs/bootstrap-rubygem/commit/f34c43c936ac7d0ebb129289321d8c51cd56aed1#diff-4e736e880b7fc39eb5e85576b629f6e3cd08f02f45104a7b4581f82852e97a81R1306
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap-rubygem/commit/f34c43c936ac7d0ebb129289321d8c51cd56aed1#diff-4e736e880b7fc39eb5e85576b629f6e3cd08f02f45104a7b4581f82852e97a81R1306
17
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
23
reference_url https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html
24
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/May/18
25
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
26
reference_url https://www.tenable.com/security/tns-2021-14
reference_id
reference_type
scores
url https://www.tenable.com/security/tns-2021-14
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14040
reference_id CVE-2018-14040
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14040
28
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14040.yml
reference_id CVE-2018-14040.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14040.yml
29
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml
reference_id CVE-2018-14040.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml
30
reference_url https://github.com/advisories/GHSA-3wqf-4x89-9g79
reference_id GHSA-3wqf-4x89-9g79
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wqf-4x89-9g79
fixed_packages
0
url pkg:nuget/bootstrap@3.4.0
purl pkg:nuget/bootstrap@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.0
1
url pkg:nuget/bootstrap@4.1.2
purl pkg:nuget/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@4.1.2
aliases CVE-2018-14040, GHSA-3wqf-4x89-9g79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3h7c-7tz9-mqeq
2
url VCID-n15b-85zy-2yhm
vulnerability_id VCID-n15b-85zy-2yhm
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-container property of tooltip.
references
0
reference_url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14042
reference_id
reference_type
scores
0
value 0.02281
scoring_system epss
scoring_elements 0.84951
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14042
2
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
3
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
4
reference_url http://seclists.org/fulldisclosure/2019/May/10
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2019/May/10
5
reference_url http://seclists.org/fulldisclosure/2019/May/11
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2019/May/11
6
reference_url http://seclists.org/fulldisclosure/2019/May/13
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2019/May/13
7
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap
8
reference_url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
9
reference_url https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0
10
reference_url https://github.com/twbs/bootstrap/issues/26423
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26423
11
reference_url https://github.com/twbs/bootstrap/issues/26428
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26428
12
reference_url https://github.com/twbs/bootstrap/issues/26628
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26628
13
reference_url https://github.com/twbs/bootstrap/pull/26630
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/26630
14
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
20
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/May/18
21
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
22
reference_url https://www.tenable.com/security/tns-2021-14
reference_id
reference_type
scores
url https://www.tenable.com/security/tns-2021-14
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14042
reference_id CVE-2018-14042
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14042
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14042.yml
reference_id CVE-2018-14042.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14042.yml
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml
reference_id CVE-2018-14042.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml
26
reference_url https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
reference_id GHSA-7mvr-5x2g-wfc8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fixed_packages
0
url pkg:nuget/bootstrap@3.4.0
purl pkg:nuget/bootstrap@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.0
1
url pkg:nuget/bootstrap@4.1.2
purl pkg:nuget/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@4.1.2
aliases CVE-2018-14042, GHSA-7mvr-5x2g-wfc8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n15b-85zy-2yhm
3
url VCID-rkyh-5kfr-dqan
vulnerability_id VCID-rkyh-5kfr-dqan
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the affix configuration target property.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:1076
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:1076
1
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:1570
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3023
4
reference_url https://access.redhat.com/errata/RHSA-2020:0132
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0132
5
reference_url https://access.redhat.com/errata/RHSA-2020:0133
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0133
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20677
reference_id
reference_type
scores
0
value 0.09805
scoring_system epss
scoring_elements 0.93093
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20677
7
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
8
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
9
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap
10
reference_url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
11
reference_url https://github.com/twbs/bootstrap/issues/27045
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27045
12
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
13
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
14
reference_url https://github.com/twbs/bootstrap/pull/27047
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/27047
15
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20677
reference_id CVE-2018-20677
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-20677
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml
reference_id CVE-2018-20677.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml
reference_id CVE-2018-20677.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml
20
reference_url https://github.com/advisories/GHSA-ph58-4vrj-w6hr
reference_id GHSA-ph58-4vrj-w6hr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph58-4vrj-w6hr
fixed_packages
0
url pkg:nuget/bootstrap@3.4.0
purl pkg:nuget/bootstrap@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.0
aliases CVE-2018-20677, GHSA-ph58-4vrj-w6hr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkyh-5kfr-dqan
4
url VCID-tcnu-cv5j-e7bc
vulnerability_id VCID-tcnu-cv5j-e7bc
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the tooltip data-viewport attribute.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:1076
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:1076
1
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:1570
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3023
4
reference_url https://access.redhat.com/errata/RHSA-2020:0132
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0132
5
reference_url https://access.redhat.com/errata/RHSA-2020:0133
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0133
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20676
reference_id
reference_type
scores
0
value 0.05541
scoring_system epss
scoring_elements 0.90408
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20676
7
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
8
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap
9
reference_url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
10
reference_url https://github.com/twbs/bootstrap/issues/27044
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27044
11
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
12
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
13
reference_url https://github.com/twbs/bootstrap/pull/27047
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/27047
14
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20676
reference_id CVE-2018-20676
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-20676
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml
reference_id CVE-2018-20676.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml
reference_id CVE-2018-20676.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml
18
reference_url https://github.com/advisories/GHSA-3mgp-fx93-9xv5
reference_id GHSA-3mgp-fx93-9xv5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mgp-fx93-9xv5
fixed_packages
0
url pkg:nuget/bootstrap@3.4.0
purl pkg:nuget/bootstrap@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.0
aliases CVE-2018-20676, GHSA-3mgp-fx93-9xv5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcnu-cv5j-e7bc
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.0