VulnerableCode Package Details - pkg:npm/bootstrap@0.0.2

Search for packages

Package details: pkg:npm/bootstrap@0.0.2

Essentials
History (4)

purl	pkg:npm/bootstrap@0.0.2

Next non-vulnerable version	4.0.0-alpha.2
Latest non-vulnerable version	5.0.0
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-9gdn-vssr-m3d9 Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	3.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0-alpha.2 Affected by 0 other vulnerabilities. 4.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e8jt-6jum-n3az Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79	Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.	3.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0-alpha.2 Affected by 0 other vulnerabilities. 4.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-f43n-fgru-vqee Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr	bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.	3.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gmca-n7as-2yap Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5	XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.	3.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:31:11.101448+00:00	GitLab Importer	Affected by	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-20677.yml	37.0.0
2025-07-03T17:31:09.521098+00:00	GitLab Importer	Affected by	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-20676.yml	37.0.0
2025-07-03T17:27:59.444548+00:00	GitLab Importer	Affected by	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14040.yml	37.0.0
2025-07-03T17:27:59.242361+00:00	GitLab Importer	Affected by	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14042.yml	37.0.0