Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/twitter-bootstrap-rails@2.2.4
purl pkg:gem/twitter-bootstrap-rails@2.2.4
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-6kww-bg82-13f3
Aliases:
CVE-2014-4920
GHSA-vpqv-mqvc-pcx2
OSV-109206
Reflective XSS Vulnerability The gem contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
3.2.0
Affected by 1 other vulnerability.
VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:52:35.831655+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml 38.4.0
2026-04-16T20:31:20.179433+00:00 GitLab Importer Affected by VCID-6kww-bg82-13f3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2014-4920.yml 38.4.0
2026-04-16T17:35:37.867591+00:00 Ruby Importer Affected by VCID-6kww-bg82-13f3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml 38.4.0
2026-04-11T22:03:24.807419+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml 38.3.0
2026-04-11T21:41:41.867095+00:00 GitLab Importer Affected by VCID-6kww-bg82-13f3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2014-4920.yml 38.3.0
2026-04-11T21:32:22.875801+00:00 Ruby Importer Affected by VCID-6kww-bg82-13f3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml 38.3.0
2026-04-02T22:16:26.096722+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml 38.1.0
2026-04-02T21:55:53.908813+00:00 GitLab Importer Affected by VCID-6kww-bg82-13f3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2014-4920.yml 38.1.0
2026-04-02T19:30:56.376365+00:00 Ruby Importer Affected by VCID-6kww-bg82-13f3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml 38.1.0
2026-04-01T16:34:01.353556+00:00 GitLab Importer Affected by VCID-p87t-vvdx-b7dv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml 38.0.0
2026-04-01T16:13:03.434908+00:00 GitLab Importer Affected by VCID-6kww-bg82-13f3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2014-4920.yml 38.0.0
2026-04-01T15:47:45.005730+00:00 Ruby Importer Affected by VCID-6kww-bg82-13f3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml 38.0.0