Search for packages
Package details: pkg:gem/bootstrap@5.0.0
purl pkg:gem/bootstrap@5.0.0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. There are no reported fixed by versions.
VCID-qceg-ajt8-jfct
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. There are no reported fixed by versions.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-qceg-ajt8-jfct Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:09:19.519908+00:00 GitLab Importer Fixing VCID-qceg-ajt8-jfct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml 37.0.0
2025-07-03T14:33:13.606116+00:00 Ruby Importer Affected by VCID-d4k9-se4n-4fh9 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml 37.0.0
2025-07-03T14:33:13.440097+00:00 Ruby Importer Affected by VCID-qceg-ajt8-jfct https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml 37.0.0
2025-07-03T13:57:01.835367+00:00 GitLab Importer Fixing VCID-qceg-ajt8-jfct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml 36.1.3
2025-07-01T14:35:18.738007+00:00 GHSA Importer Fixing VCID-qceg-ajt8-jfct https://github.com/advisories/GHSA-vc8w-jr9v-vj7f 36.1.3
2025-07-01T12:10:56.514973+00:00 GithubOSV Importer Fixing VCID-qceg-ajt8-jfct https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-vc8w-jr9v-vj7f/GHSA-vc8w-jr9v-vj7f.json 36.1.3