Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/bootstrap-sass@1.4.2
purl pkg:gem/bootstrap-sass@1.4.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-br4c-7x9j-g3f6
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.
3.4.0
Affected by 3 other vulnerabilities.
VCID-eh2s-9hss-yken
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
3.4.0
Affected by 3 other vulnerabilities.
VCID-hbwg-ebvx-k7e1
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79
Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.
3.4.0
Affected by 3 other vulnerabilities.
VCID-hqne-7h6h-3ff8
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.
3.4.0
Affected by 3 other vulnerabilities.
VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.
3.4.1
Affected by 2 other vulnerabilities.
VCID-vfsr-kypp-wbea
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.
3.4.0
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:52:33.396693+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.4.0
2026-04-16T20:51:21.401343+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.4.0
2026-04-16T20:51:18.979979+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.4.0
2026-04-16T20:51:07.537611+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.4.0
2026-04-16T17:39:08.864339+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.4.0
2026-04-16T17:37:53.144124+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.4.0
2026-04-16T17:37:52.889208+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.4.0
2026-04-16T17:37:49.941211+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.4.0
2026-04-11T22:03:22.962186+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.3.0
2026-04-11T22:02:04.419355+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.3.0
2026-04-11T22:02:01.687036+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.3.0
2026-04-11T22:01:50.758949+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.3.0
2026-04-11T21:36:12.509991+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.3.0
2026-04-11T21:34:51.311431+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.3.0
2026-04-11T21:34:51.057474+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.3.0
2026-04-11T21:34:47.159811+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.3.0
2026-04-02T22:16:24.207547+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.1.0
2026-04-02T22:15:04.414038+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.1.0
2026-04-02T22:15:02.051029+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.1.0
2026-04-02T22:14:52.113367+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.1.0
2026-04-02T19:34:26.863787+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.1.0
2026-04-02T19:33:08.667882+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.1.0
2026-04-02T19:33:08.437368+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.1.0
2026-04-02T19:33:05.683625+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.1.0
2026-04-01T16:33:59.263967+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 38.0.0
2026-04-01T16:32:37.067687+00:00 GitLab Importer Affected by VCID-hqne-7h6h-3ff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 38.0.0
2026-04-01T16:32:34.644639+00:00 GitLab Importer Affected by VCID-br4c-7x9j-g3f6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 38.0.0
2026-04-01T16:32:23.992508+00:00 GitLab Importer Affected by VCID-eh2s-9hss-yken https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 38.0.0
2026-04-01T15:51:21.943548+00:00 Ruby Importer Affected by VCID-hbwg-ebvx-k7e1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 38.0.0
2026-04-01T15:50:06.824746+00:00 Ruby Importer Affected by VCID-hqne-7h6h-3ff8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 38.0.0
2026-04-01T15:50:06.540210+00:00 Ruby Importer Affected by VCID-br4c-7x9j-g3f6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 38.0.0
2026-04-01T15:50:02.783070+00:00 Ruby Importer Affected by VCID-vfsr-kypp-wbea https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml 38.0.0