Getbootstrap
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Getbootstrap product.
RSS Feeds for Getbootstrap security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Getbootstrap products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Getbootstrap Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in Getbootstrap. Last year, in 2024 Getbootstrap had 1 security vulnerability published. Right now, Getbootstrap is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 6.40 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 6.10 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 6.84 |
| 2018 | 3 | 6.10 |
It may take a day or so for new Getbootstrap vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Getbootstrap Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-6485 | Jul 11, 2024 |
Bootstrap XSS via data-loading-text in Button pluginA security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. |
Bootstrap
|
| CVE-2022-26624 | Apr 08, 2022 |
Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerabilityBootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. |
Bootstrap
|
| CVE-2019-10842 | Apr 04, 2019 |
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.orgArbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare. |
Bootstrap Sass
|
| CVE-2019-8331 | Feb 20, 2019 |
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. |
Bootstrap
|
| CVE-2018-20676 | Jan 09, 2019 |
In Bootstrap before 3.4.0In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. |
Bootstrap
|
| CVE-2018-20677 | Jan 09, 2019 |
In Bootstrap before 3.4.0In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |
Bootstrap
|
| CVE-2016-10735 | Jan 09, 2019 |
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. |
Bootstrap
|
| CVE-2018-14040 | Jul 13, 2018 |
In Bootstrap before 4.1.2In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. |
Bootstrap
|
| CVE-2018-14041 | Jul 13, 2018 |
In Bootstrap before 4.1.2In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. |
Bootstrap
|
| CVE-2018-14042 | Jul 13, 2018 |
In Bootstrap before 4.1.2In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. |
Bootstrap
|