Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

bootstrap

Ecosystem:
npm
Package URL:
pkg:npm/bootstrap
Total PRs:
3,446 Dependabot PRs
Latest PR:
about 3 hours ago
Unique Repositories:
1,787 repositories
Unique Repos (30 days):
717 repositories
Security Advisories
XSS vulnerability that affects bootstrap
GHSA-3mgp-fx93-9xv5 CVE-2018-20676 MODERATE published over 6 years ago • updated 26 days ago
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Bootstrap Cross-site Scripting vulnerability
GHSA-4p24-vmcr-4gqj CVE-2016-10735 MODERATE published over 6 years ago • updated about 1 month ago
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a d...
Bootstrap Vulnerable to Cross-Site Scripting
GHSA-9v3m-8fp8-mj99 CVE-2019-8331 MODERATE published over 6 years ago • updated about 1 month ago
Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of th...
bootstrap Cross-site Scripting vulnerability
GHSA-ph58-4vrj-w6hr CVE-2018-20677 MODERATE published over 6 years ago • updated about 1 month ago
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
GHSA-wh77-3x4m-4q9g CVE-2019-8331 MODERATE published over 6 years ago • updated 3 months ago
In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, ...
View all 11 advisories
Recent PRs
RSS Feed
Bump bootstrap from 4.5.0 to 5.0.0

stevenriggs/react-table #14

4.5.0 → 5.0.0 Major PR
Open about 3 hours ago
stevenriggs
Bump bootstrap from 4.4.1 to 5.0.0

stevenriggs/react-bootstrap-layout #12

4.4.1 → 5.0.0 Major PR
Open about 3 hours ago
stevenriggs
build(deps): update bootstrap requirement from ^5.3.6 to ^5.3.8 in the prod-deps group

Scyl14/blog #2

^5.3.6 → ^5.3.8 Patch PR
Open about 4 hours ago 1 comment
Scyl14
Bump the js-production-dependencies group across 1 directory with 40 updates

texpert/rails_6_rss_reader #5169

5.3.7 → 5.3.8 Patch PR
Open about 8 hours ago
texpert
Bump bootstrap from 4.5.2 to 5.0.0

sofiavault/noicefluid #10

4.5.2 → 5.0.0 Major PR
Open about 16 hours ago
sofiavault
Bump the all-ui-deps group across 1 directory with 72 updates

phuongnq/studio-ui #70

5.3.6 → 5.3.8 Patch PR
Open about 17 hours ago
phuongnq
Bump the all-ui-deps group across 1 directory with 46 updates

craftercms/studio-ui #4625

5.3.7 → 5.3.8 Patch PR
Open about 17 hours ago
craftercms
Update bootstrap requirement from ^5.3.6 to ^5.3.8 in the prod-deps group

jminrangnews/jminrangnews.github.io #2

^5.3.6 → ^5.3.8 Patch PR
Open about 20 hours ago
jminrangnews
Bump the prod-dependencies group in /src/Asm.MooBank.Web.App with 12 updates

AndrewMcLachlan/MooBank #553

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
AndrewMcLachlan
Bump bootstrap from 5.3.7 to 5.3.8

canterbury-air-patrol/scenario-weighting-worksheet #362

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
canterbury-air-patrol
Bump bootstrap from 5.3.7 to 5.3.8 in /src/frontend

Hariraghav2003/MERN-CRUD-APP #47

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
Hariraghav2003
npm(deps): bump bootstrap from 5.3.7 to 5.3.8 in /frontend

Nocfer1/frontendConsulMedic #11

5.3.7 → 5.3.8 Patch PR
Open 1 day ago 1 comment
Nocfer1
Bump bootstrap from 5.3.7 to 5.3.8

canterbury-air-patrol/sar-search-runner #236

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
canterbury-air-patrol
Bump the npm_and_yarn group across 1 directory with 18 updates

Chukwuemeka-Test-Org/test-repo-0-174769878_herein #149

3.3.6 → 5.0.0 Major PR
Open 1 day ago
Chukwuemeka-Test-Org
Bump bootstrap from 5.3.6 to 5.3.8

CGAL/cgal-web #72

5.3.6 → 5.3.8 Patch PR
Open 1 day ago
CGAL
Bump the npm group in /Web with 6 updates

cooljeanius/Imgbot #293

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
cooljeanius
Bump bootstrap from 5.3.7 to 5.3.8

nathandeflavis/react_budget_app #49

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
nathandeflavis
chore(deps): bump bootstrap from 5.3.7 to 5.3.8

takanotume24/Cuuri #343

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
takanotume24
:arrow_up: upgrade: Bump bootstrap from 5.3.7 to 5.3.8

Stenstromen/axfr-frontend #59

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
Stenstromen
Bump bootstrap from 5.3.2 to 5.3.8

jamie-taylor-rjj/Recruitment-Glossary #325

5.3.2 → 5.3.8 Patch PR
Open 1 day ago 1 comment
jamie-taylor-rjj
npm-dev(deps-dev): Bump bootstrap from 5.3.7 to 5.3.8

jchoquecota-sys/biodiversity-management #5

5.3.7 → 5.3.8 Patch PR
Open 1 day ago 1 comment
jchoquecota-sys
deps(deps): bump bootstrap from 5.3.7 to 5.3.8 in /website

AppOutlet/GetDisCorkie #57

5.3.7 → 5.3.8 Patch PR
Open 1 day ago 1 comment
AppOutlet
Update bootstrap requirement from ^5.3.7 to ^5.3.8 in the prod-deps group

hxxdev/hxxdev.github.io #20

^5.3.7 → ^5.3.8 Patch PR
Merged 1 day ago
hxxdev
build(deps): bump the minor-and-patch group with 3 updates

gyrinx-app/gyrinx #958

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago 1 comment
gyrinx-app
Bump bootstrap from 5.3.6 to 5.3.8

Kev-BB/LogosSphere #32

5.3.6 → 5.3.8 Patch PR
Open 1 day ago 1 comment
Kev-BB
Bump the minor-patch group with 27 updates

composer/satis #1032

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
composer
Bump bootstrap from 4.6.2 to 5.3.8 in /app

DATAGerry/DataGerry #1507

4.6.2 → 5.3.8 Major PR
Open 1 day ago 1 comment
DataGerry
Bump bootstrap from 5.3.7 to 5.3.8

WWBN/AVideo #10180

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
WWBN
chore(deps):(deps): bump bootstrap from 5.3.7 to 5.3.8

jcorrius/jcorrius.github.io #41

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
jcorrius
build(deps): bump bootstrap from 4.6.2 to 5.3.8 in /web

bcgov/jasper #488

4.6.2 → 5.3.8 Major PR
Open 1 day ago 3 comments
bcgov
Bump bootstrap from 3.4.1 to 5.3.8

urlaubsverwaltung/urlaubsverwaltung #5584

3.4.1 → 5.3.8 Major PR
Open 1 day ago
urlaubsverwaltung
DEPENDABOT VERSION UPDATES: Bump bootstrap from 5.3.1 to 5.3.8 in /frontend

ghas-labs-2025-08-27-brianc-ghas-labs/mona-gallery #7

5.3.1 → 5.3.8 Patch PR
Open 1 day ago 1 comment
ghas-labs-2025-08-27-brianc-ghas-labs
DEPENDABOT VERSION UPDATES: Bump bootstrap from 5.3.1 to 5.3.8 in /frontend

advanced-security-trainings/mona-demo #45

5.3.1 → 5.3.8 Patch PR
Open 1 day ago 1 comment
advanced-security-trainings
chore(deps): bump bootstrap from 5.3.7 to 5.3.8 in /client

sloweyyy/cloud-native-ecommerce-platform #71

5.3.7 → 5.3.8 Patch PR
Open 1 day ago 1 comment
sloweyyy
chore(deps): update bootstrap requirement from ^5.3.7 to ^5.3.8 in the prod-deps group

jisoo0609/jisoo0609.github.io #8

^5.3.7 → ^5.3.8 Patch PR
Open 1 day ago
jisoo0609
build(deps): bump the production-dependencies group across 1 directory with 3 updates

eclipse-tractusx/portal-frontend-registration #420

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
eclipse-tractusx
Bump bootstrap from 5.3.7 to 5.3.8

Niema-Lab/ViralWasm-Consensus #209

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
Niema-Lab
build(deps): bump bootstrap from 5.3.3 to 5.3.8

felipelssilva/felipeluis.github.io #417

5.3.3 → 5.3.8 Patch PR
Open 1 day ago
felipelssilva
Bump bootstrap from 5.3.7 to 5.3.8 in /src

melvyndekort/mdekort-nl #121

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
melvyndekort
build(deps-dev): bump bootstrap from 5.3.7 to 5.3.8

1995parham-teaching/ie-lecture #113

5.3.7 → 5.3.8 Patch PR
Open 1 day ago 1 comment
1995parham-teaching
build(deps): bump bootstrap from 5.3.7 to 5.3.8

canterbury-air-patrol/search-management-map #717

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
canterbury-air-patrol
Bump the dependencies group with 17 updates

aditya-arcot/Poetry-for-Neanderthals #9

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
aditya-arcot
Bump the npm group with 9 updates

akrherz/iemvtec #33

5.3.7 → 5.3.8 Patch PR
Open 1 day ago
akrherz
Bump bootstrap from 5.3.5 to 5.3.8 in /barbergo-frontend

jose3284/backend #26

5.3.5 → 5.3.8 Patch PR
Open 1 day ago 1 comment
jose3284
Bump the client-dependencies group in /client with 17 updates

aditya-arcot/WealthWatch #327

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
aditya-arcot
build(deps): update bootstrap requirement from ^5.3.7 to ^5.3.8 in the prod-deps group

sykimtropical/sykimtropical.github.io #14

^5.3.7 → ^5.3.8 Patch PR
Merged 1 day ago
sykimtropical
Bump bootstrap from 5.3.3 to 5.3.8 in /web-client

delyoussoufi/test_2 #36

5.3.3 → 5.3.8 Patch PR
Open 1 day ago
delyoussoufi
Bump bootstrap from 5.3.6 to 5.3.8

OCTRI/ucedd-dashboard #69

5.3.6 → 5.3.8 Patch PR
Open 1 day ago
OCTRI
Bump bootstrap from 5.3.7 to 5.3.8

jbosstm/narayana.io #341

5.3.7 → 5.3.8 Patch PR
Merged 1 day ago
jbosstm
Bump the all-ui-deps group across 1 directory with 71 updates

phuongnq/studio-ui #69

5.3.6 → 5.3.8 Patch PR
Closed 1 day ago 1 comment
phuongnq
Package Details
Name: bootstrap
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/bootstrap
JSON API: View JSON
Security Advisories

11

Active advisories
MODERATE 11
View All npm Advisories
Package Information
Description:

The most popular front-end framework for developing responsive, mobile first projects on the web.

Repository: https://github.com/twbs/bootstrap
Homepage: https://getbootstrap.com/
Latest Release: 5.3.6
4 months ago
Dependent Repos: 874,564
Dependent Packages: 17,952
Downloads: 20,752,506
Ranking: Top 0.0383% by dependent repos Top 0.0595% by downloads Top 0.0059% by dependent pkgs
PR Status
Open 1,639 (47.6%)
Merged 708 (20.6%)
Closed 712 (20.7%)
PR Types
Major 627 (18.2%)
Patch 2,177 (63.2%)
Minor 255 (7.4%)