Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/bootstrap-sass@1.3.2
purl pkg:gem/bootstrap-sass@1.3.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-br4c-7x9j-g3f6
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.
3.4.0
Affected by 3 other vulnerabilities.
VCID-eh2s-9hss-yken
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
3.4.0
Affected by 3 other vulnerabilities.
VCID-hbwg-ebvx-k7e1
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79
Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.
3.4.0
Affected by 3 other vulnerabilities.
VCID-hqne-7h6h-3ff8
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.
3.4.0
Affected by 3 other vulnerabilities.
VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.
3.4.1
Affected by 2 other vulnerabilities.
VCID-vfsr-kypp-wbea
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.
3.4.0
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:52:33.386705+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.4.0
2026-04-16T20:51:21.391683+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.4.0
2026-04-16T20:51:18.969783+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.4.0
2026-04-16T20:51:07.527549+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.4.0
2026-04-16T17:39:08.854928+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.4.0
2026-04-16T17:37:53.134254+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.4.0
2026-04-16T17:37:52.879821+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.4.0
2026-04-16T17:37:49.930954+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.4.0
2026-04-11T22:03:22.952229+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.3.0
2026-04-11T22:02:04.408696+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.3.0
2026-04-11T22:02:01.675422+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.3.0
2026-04-11T22:01:50.746768+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.3.0
2026-04-11T21:36:12.499930+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.3.0
2026-04-11T21:34:51.300822+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.3.0
2026-04-11T21:34:51.047465+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.3.0
2026-04-11T21:34:47.147999+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.3.0
2026-04-02T22:16:24.197638+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.1.0
2026-04-02T22:15:04.403910+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.1.0
2026-04-02T22:15:02.041123+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.1.0
2026-04-02T22:14:52.103461+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.1.0
2026-04-02T19:34:26.854192+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.1.0
2026-04-02T19:33:08.658299+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.1.0
2026-04-02T19:33:08.428201+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.1.0
2026-04-02T19:33:05.673877+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.1.0
2026-04-01T16:33:59.252287+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.0.0
2026-04-01T16:32:37.057707+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.0.0
2026-04-01T16:32:34.632414+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.0.0
2026-04-01T16:32:23.980216+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.0.0
2026-04-01T15:51:21.932226+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.0.0
2026-04-01T15:50:06.813326+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.0.0
2026-04-01T15:50:06.527855+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.0.0
2026-04-01T15:50:02.769478+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.0.0