Search for packages
Package details: pkg:composer/twbs/bootstrap@3.0.0-rc.2
purl pkg:composer/twbs/bootstrap@3.0.0-rc.2
Next non-vulnerable version 4.0.0-alpha
Latest non-vulnerable version 5.0.0
Risk 3.1
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-9gdn-vssr-m3d9
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8
Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
3.4.0
Affected by 2 other vulnerabilities.
4.0.0-alpha
Affected by 0 other vulnerabilities.
4.1.2
Affected by 2 other vulnerabilities.
VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
4.0.0-alpha
Affected by 0 other vulnerabilities.
VCID-e8jt-6jum-n3az
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79
Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.
3.4.0
Affected by 2 other vulnerabilities.
4.1.2
Affected by 2 other vulnerabilities.
VCID-f43n-fgru-vqee
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr
bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
3.4.0
Affected by 2 other vulnerabilities.
VCID-gmca-n7as-2yap
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5
XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
3.4.0
Affected by 2 other vulnerabilities.
VCID-w6v5-nfgx-rbbx
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj
Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
3.4.0
Affected by 2 other vulnerabilities.
4.0.0-beta.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:09:23.194965+00:00 GitLab Importer Affected by VCID-d4k9-se4n-4fh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6484.yml 37.0.0
2025-07-03T18:16:47.648237+00:00 GitLab Importer Affected by VCID-e8jt-6jum-n3az https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml 37.0.0
2025-07-03T17:31:18.472412+00:00 GitLab Importer Affected by VCID-w6v5-nfgx-rbbx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2016-10735.yml 37.0.0
2025-07-03T17:31:17.889161+00:00 GitLab Importer Affected by VCID-f43n-fgru-vqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-20677.yml 37.0.0
2025-07-03T17:31:15.894321+00:00 GitLab Importer Affected by VCID-gmca-n7as-2yap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-20676.yml 37.0.0
2025-07-03T17:28:55.063856+00:00 GitLab Importer Affected by VCID-9gdn-vssr-m3d9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14042.yml 37.0.0