Version 5.3.3

bootstrap

The most popular HTML, CSS, and JavaScript framework for developing responsive, mobile first projects on the web. http://getbootstrap.com

Install Instructions

gem install bootstrap
Current Version Release Date April 20, 2025
Language Ruby
Package URL (purl) pkg:gem/bootstrap@5.3.3

Find bootstrap vulnerabilities in your supply chain.

Scan for Free

bootstrap Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2018-14040 Medium 6.1 CWE-79 0.01665 0.80402
  • 4.0.0–4.1.1
CVE-2018-14041 Medium 6.1 CWE-79 0.08019 0.91308
  • 4.0.0–4.1.1
CVE-2018-14042 Medium 6.1 CWE-79 0.01732 0.80791
  • 4.0.0–4.1.1
CVE-2019-8331 Medium 6.1 CWE-79 0.02355 0.83478
  • 4.0.0–4.3.0
CVE-2024-6531 Medium 6.4 CWE-79 0.00235 0.43612
  • 4.0.0–4.6.2
CVE-2024-6484 Medium 6.4 CWE-79 0.00113 0.26811
  • 4.0.0.alpha1–4.0.0.beta3
CVE-2016-10735 Medium 6.1 CWE-79 0.06152 0.89889
  • 4.0.0.alpha1–4.0.0.beta

bootstrap Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2024-6531 A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. 4.1.1, 4.1.0, 4.1.3, 4.1.2, 4.0.0, 4.3.0, 4.2.1, 4.6.2 (Show all) Patch → 4.6.2.1
CVE-2024-6484 A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. 4.0.0.beta3, 4.0.0.alpha5, 4.0.0.beta, 4.0.0.alpha3.1, 4.0.0.alpha4, 4.0.0.alpha3, 4.0.0.alpha6, 4.0.0.alpha2 (Show all) Patch → 4.6.2.1
CVE-2019-8331 In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. 4.1.1, 4.0.0.beta3, 4.0.0.alpha5, 4.0.0.beta, 4.0.0.alpha3.1, 4.0.0.alpha4, 4.1.0, 4.0.0.alpha3 (Show all) Patch → 4.6.2.1
CVE-2018-14042 In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. 4.1.1, 4.0.0.beta3, 4.0.0.alpha5, 4.0.0.beta, 4.0.0.alpha3.1, 4.0.0.alpha4, 4.1.0, 4.0.0.alpha3 (Show all) Patch → 4.6.2.1
CVE-2018-14041 In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. 4.1.1, 4.1.0, 4.0.0 Patch → 4.6.2.1
CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. 4.1.1, 4.1.0, 4.0.0 Patch → 4.6.2.1
CVE-2016-10735 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. 4.0.0.alpha5, 4.0.0.beta, 4.0.0.alpha3.1, 4.0.0.alpha4, 4.0.0.alpha3, 4.0.0.alpha6, 4.0.0.alpha2, 4.0.0.alpha1 Patch → 4.6.2.1

Instantly see if these bootstrap vulnerabilities affect your code.

Scan for Free

Dependencies

Packages using versions of bootstrap affected by its vulnerabilities

Dependent Packages
popper_js>= 2.11.8, < 3