Search for packages
Package details: pkg:npm/bootstrap@4.1.2
purl pkg:npm/bootstrap@4.1.2
Next non-vulnerable version 4.3.1
Latest non-vulnerable version 5.0.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.
4.3.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-9gdn-vssr-m3d9 Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041. CVE-2018-14042
GHSA-7mvr-5x2g-wfc8
VCID-e8jt-6jum-n3az Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute. CVE-2018-14040
GHSA-3wqf-4x89-9g79
VCID-u34g-yks8-hbay Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042. CVE-2018-14041
GHSA-pj7m-g53m-7638

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T17:32:47.919057+00:00 GitLab Importer Affected by VCID-3ygq-cbu4-23ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2019-8331.yml 37.0.0
2025-07-03T17:28:00.613618+00:00 GitLab Importer Fixing VCID-u34g-yks8-hbay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14041.yml 37.0.0
2025-07-03T17:27:59.484034+00:00 GitLab Importer Fixing VCID-e8jt-6jum-n3az https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14040.yml 37.0.0
2025-07-03T17:27:59.281602+00:00 GitLab Importer Fixing VCID-9gdn-vssr-m3d9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14042.yml 37.0.0
2025-07-01T18:11:02.427431+00:00 GitLab Importer Fixing VCID-u34g-yks8-hbay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14041.yml 36.1.3
2025-07-01T18:11:02.272297+00:00 GitLab Importer Fixing VCID-e8jt-6jum-n3az https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14040.yml 36.1.3
2025-07-01T18:11:02.248382+00:00 GitLab Importer Fixing VCID-9gdn-vssr-m3d9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap/CVE-2018-14042.yml 36.1.3
2025-07-01T14:32:03.686417+00:00 GHSA Importer Fixing VCID-e8jt-6jum-n3az https://github.com/advisories/GHSA-3wqf-4x89-9g79 36.1.3
2025-07-01T14:29:13.241658+00:00 GHSA Importer Fixing VCID-9gdn-vssr-m3d9 https://github.com/advisories/GHSA-7mvr-5x2g-wfc8 36.1.3
2025-07-01T14:29:13.005643+00:00 GHSA Importer Fixing VCID-u34g-yks8-hbay https://github.com/advisories/GHSA-pj7m-g53m-7638 36.1.3
2025-07-01T12:29:04.321156+00:00 GithubOSV Importer Fixing VCID-e8jt-6jum-n3az https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wqf-4x89-9g79/GHSA-3wqf-4x89-9g79.json 36.1.3
2025-07-01T12:21:11.182836+00:00 GithubOSV Importer Fixing VCID-u34g-yks8-hbay https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-pj7m-g53m-7638/GHSA-pj7m-g53m-7638.json 36.1.3
2025-07-01T12:21:10.059915+00:00 GithubOSV Importer Fixing VCID-9gdn-vssr-m3d9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json 36.1.3