Search for packages
| purl | pkg:npm/bootstrap-sass@2.0.4 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-eh2s-9hss-yken
Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. |
Affected by 2 other vulnerabilities. |
|
VCID-vfsr-kypp-wbea
Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:57:14.106489+00:00 | GHSA Importer | Affected by | VCID-eh2s-9hss-yken | https://github.com/advisories/GHSA-4p24-vmcr-4gqj | 38.0.0 |
| 2026-04-01T15:56:40.133965+00:00 | GHSA Importer | Affected by | VCID-vfsr-kypp-wbea | https://github.com/advisories/GHSA-7mvr-5x2g-wfc8 | 38.0.0 |
| 2026-04-01T12:48:15.454923+00:00 | GitLab Importer | Affected by | VCID-eh2s-9hss-yken | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2016-10735.yml | 38.0.0 |
| 2026-04-01T12:47:57.705205+00:00 | GitLab Importer | Affected by | VCID-vfsr-kypp-wbea | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-14042.yml | 38.0.0 |