Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/bootstrap@5.0.0-alpha1
Typenpm
Namespace
Namebootstrap
Version5.0.0-alpha1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.0
Latest_non_vulnerable_version5.0.0
Affected_by_vulnerabilities
0
url VCID-qnq4-m5wm-qbhm
vulnerability_id VCID-qnq4-m5wm-qbhm
summary 
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
## Withdrawn Advisory
This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

## Original Descripton

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
references
0
reference_url https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml
2
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
3
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00021.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00021.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6531
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6531
5
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-6531
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2024-6531
6
reference_url https://usn.ubuntu.com/7556-1/
reference_id USN-7556-1
reference_type
scores
url https://usn.ubuntu.com/7556-1/
fixed_packages
0
url pkg:npm/bootstrap@5.0.0
purl pkg:npm/bootstrap@5.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@5.0.0
aliases CVE-2024-6531, GHSA-vc8w-jr9v-vj7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnq4-m5wm-qbhm
Fixing_vulnerabilities
0
url VCID-qnq4-m5wm-qbhm
vulnerability_id VCID-qnq4-m5wm-qbhm
summary 
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
## Withdrawn Advisory
This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

## Original Descripton

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
references
0
reference_url https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml
2
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
3
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00021.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00021.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6531
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6531
5
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-6531
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2024-6531
6
reference_url https://usn.ubuntu.com/7556-1/
reference_id USN-7556-1
reference_type
scores
url https://usn.ubuntu.com/7556-1/
fixed_packages
0
url pkg:npm/bootstrap@5.0.0-alpha1
purl pkg:npm/bootstrap@5.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qnq4-m5wm-qbhm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@5.0.0-alpha1
1
url pkg:npm/bootstrap@5.0.0
purl pkg:npm/bootstrap@5.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@5.0.0
aliases CVE-2024-6531, GHSA-vc8w-jr9v-vj7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnq4-m5wm-qbhm
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@5.0.0-alpha1