getbootstrap CVE Vulnerabilities & Metrics

Focus on getbootstrap vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About getbootstrap Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with getbootstrap. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total getbootstrap CVEs: 9
Earliest CVE date: 13 Jul 2018, 14:29 UTC
Latest CVE date: 11 Jul 2024, 17:15 UTC

Latest CVE reference: CVE-2024-6484

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical getbootstrap CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.46

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	7
7.0-8.9	0
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS getbootstrap CVEs

These are the five CVEs with the highest CVSS scores for getbootstrap, sorted by severity first and recency.

CVE-2019-10842 getbootstrap Published on 04 Apr 2019, 04:29 UTC (CVSS: 10.0)
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated...
CVE-2019-8331 getbootstrap Published on 20 Feb 2019, 16:29 UTC (CVSS: 4.3)
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2018-20677 getbootstrap Published on 09 Jan 2019, 05:29 UTC (CVSS: 4.3)
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676 getbootstrap Published on 09 Jan 2019, 05:29 UTC (CVSS: 4.3)
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2016-10735 getbootstrap Published on 09 Jan 2019, 05:29 UTC (CVSS: 4.3)
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

All CVEs for getbootstrap

CVE-2024-6484 getbootstrap vulnerability CVSS: 0 11 Jul 2024, 17:15 UTC

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

CVE-2019-10842 getbootstrap vulnerability CVSS: 10.0 04 Apr 2019, 04:29 UTC

Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.

CVE-2019-8331 getbootstrap vulnerability CVSS: 4.3 20 Feb 2019, 16:29 UTC

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CVE-2018-20677 getbootstrap vulnerability CVSS: 4.3 09 Jan 2019, 05:29 UTC

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20676 getbootstrap vulnerability CVSS: 4.3 09 Jan 2019, 05:29 UTC

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2016-10735 getbootstrap vulnerability CVSS: 4.3 09 Jan 2019, 05:29 UTC

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

CVE-2018-14042 getbootstrap vulnerability CVSS: 4.3 13 Jul 2018, 14:29 UTC

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14041 getbootstrap vulnerability CVSS: 4.3 13 Jul 2018, 14:29 UTC

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

CVE-2018-14040 getbootstrap vulnerability CVSS: 4.3 13 Jul 2018, 14:29 UTC

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.