Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/bootstrap-sass@1.3.1
purl pkg:gem/bootstrap-sass@1.3.1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-br4c-7x9j-g3f6
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.
3.4.0
Affected by 3 other vulnerabilities.
VCID-eh2s-9hss-yken
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
3.4.0
Affected by 3 other vulnerabilities.
VCID-hbwg-ebvx-k7e1
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79
Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.
3.4.0
Affected by 3 other vulnerabilities.
VCID-hqne-7h6h-3ff8
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.
3.4.0
Affected by 3 other vulnerabilities.
VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.
3.4.1
Affected by 2 other vulnerabilities.
VCID-vfsr-kypp-wbea
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.
3.4.0
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:52:33.383494+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.4.0
2026-04-16T20:51:21.388411+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.4.0
2026-04-16T20:51:18.966399+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.4.0
2026-04-16T20:51:07.524340+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.4.0
2026-04-16T17:39:08.851837+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.4.0
2026-04-16T17:37:53.130910+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.4.0
2026-04-16T17:37:52.876780+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.4.0
2026-04-16T17:37:49.927520+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.4.0
2026-04-11T22:03:22.948818+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.3.0
2026-04-11T22:02:04.404724+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.3.0
2026-04-11T22:02:01.671781+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.3.0
2026-04-11T22:01:50.742705+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.3.0
2026-04-11T21:36:12.496583+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.3.0
2026-04-11T21:34:51.297153+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.3.0
2026-04-11T21:34:51.044148+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.3.0
2026-04-11T21:34:47.144022+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.3.0
2026-04-02T22:16:24.194280+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.1.0
2026-04-02T22:15:04.400459+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.1.0
2026-04-02T22:15:02.037540+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.1.0
2026-04-02T22:14:52.100208+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.1.0
2026-04-02T19:34:26.850985+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.1.0
2026-04-02T19:33:08.655037+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.1.0
2026-04-02T19:33:08.425142+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.1.0
2026-04-02T19:33:05.670641+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.1.0
2026-04-01T16:33:59.248352+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.0.0
2026-04-01T16:32:37.054376+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.0.0
2026-04-01T16:32:34.629082+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.0.0
2026-04-01T16:32:23.976096+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.0.0
2026-04-01T15:51:21.928539+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.0.0
2026-04-01T15:50:06.809499+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.0.0
2026-04-01T15:50:06.523754+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.0.0
2026-04-01T15:50:02.764899+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.0.0