Search for packages
| purl | pkg:npm/bootstrap@3.0.0 |
| Next non-vulnerable version | 4.0.0-alpha.2 |
| Latest non-vulnerable version | 5.0.0 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3ygq-cbu4-23ad
Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g |
Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-w6v5-nfgx-rbbx
Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj |
Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:11:29.986444+00:00 | GitLab Importer | Affected by | VCID-3ygq-cbu4-23ad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2019-8331.yml | 36.1.3 |
| 2025-07-01T18:11:25.806130+00:00 | GitLab Importer | Affected by | VCID-w6v5-nfgx-rbbx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2016-10735.yml | 36.1.3 |
| 2025-07-01T14:29:40.200430+00:00 | GHSA Importer | Affected by | VCID-3ygq-cbu4-23ad | https://github.com/advisories/GHSA-9v3m-8fp8-mj99 | 36.1.3 |