Search for packages
Package details: pkg:npm/bootstrap@3.4.1
purl pkg:npm/bootstrap@3.4.1
Next non-vulnerable version 4.0.0-alpha.2
Latest non-vulnerable version 5.0.0
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
4.0.0-alpha.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-3ygq-cbu4-23ad Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later. CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
VCID-87kn-rfhf-nbat Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. CVE-2024-6485
GHSA-vxmc-5x29-h64v

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:09:21.346472+00:00 GitLab Importer Affected by VCID-d4k9-se4n-4fh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2024-6484.yml 37.0.0
2025-07-03T19:09:21.227012+00:00 GitLab Importer Fixing VCID-87kn-rfhf-nbat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2024-6485.yml 37.0.0
2025-07-03T17:32:47.905817+00:00 GitLab Importer Fixing VCID-3ygq-cbu4-23ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2019-8331.yml 37.0.0
2025-07-03T13:57:02.009775+00:00 GitLab Importer Affected by VCID-d4k9-se4n-4fh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2024-6484.yml 36.1.3
2025-07-03T13:57:01.989636+00:00 GitLab Importer Fixing VCID-87kn-rfhf-nbat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2024-6485.yml 36.1.3
2025-07-01T14:35:18.629462+00:00 GHSA Importer Fixing VCID-87kn-rfhf-nbat https://github.com/advisories/GHSA-vxmc-5x29-h64v 36.1.3
2025-07-01T14:35:18.548264+00:00 GHSA Importer Affected by VCID-d4k9-se4n-4fh9 https://github.com/advisories/GHSA-9mvj-f7w8-pvh2 36.1.3
2025-07-01T14:29:40.202785+00:00 GHSA Importer Fixing VCID-3ygq-cbu4-23ad https://github.com/advisories/GHSA-9v3m-8fp8-mj99 36.1.3
2025-07-01T12:21:58.684155+00:00 GithubOSV Importer Fixing VCID-3ygq-cbu4-23ad https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json 36.1.3
2025-07-01T12:10:56.647782+00:00 GithubOSV Importer Fixing VCID-87kn-rfhf-nbat https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-vxmc-5x29-h64v/GHSA-vxmc-5x29-h64v.json 36.1.3