Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/twitter-bootstrap4@4.6.1%2Bdfsg1-4%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/twitter-bootstrap4@4.6.1%2Bdfsg1-4%2Bdeb12u1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-5v1f-dupg-y7bc Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. CVE-2024-6485
GHSA-vxmc-5x29-h64v
VCID-eh2s-9hss-yken Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. CVE-2016-10735
GHSA-4p24-vmcr-4gqj
VCID-m8sd-c588-mqbr Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version. CVE-2025-1647
GHSA-q58r-hwc8-rm9j
VCID-p87t-vvdx-b7dv Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute. CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:18:28.402638+00:00 Debian Importer Fixing VCID-eh2s-9hss-yken https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:35:28.190255+00:00 Debian Importer Fixing VCID-m8sd-c588-mqbr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:26:21.925930+00:00 Debian Importer Fixing VCID-p87t-vvdx-b7dv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:45:05.786384+00:00 Debian Importer Fixing VCID-5v1f-dupg-y7bc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:25:06.073065+00:00 Debian Importer Fixing VCID-eh2s-9hss-yken https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:11.087898+00:00 Debian Importer Fixing VCID-m8sd-c588-mqbr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:02:31.314717+00:00 Debian Importer Fixing VCID-p87t-vvdx-b7dv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:30:31.224245+00:00 Debian Importer Fixing VCID-5v1f-dupg-y7bc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:55:38.909992+00:00 Debian Importer Fixing VCID-m8sd-c588-mqbr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:38.869286+00:00 Debian Importer Fixing VCID-5v1f-dupg-y7bc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:38.827173+00:00 Debian Importer Fixing VCID-p87t-vvdx-b7dv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:38.781985+00:00 Debian Importer Fixing VCID-eh2s-9hss-yken https://security-tracker.debian.org/tracker/data/json 38.1.0