[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-20676":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":67,"related":68,"reserved_at":9,"published_at":71,"modified_at":72,"state":73,"summary":74,"references_raw":83,"kevs":181,"epss":182,"epss_history":185,"metrics":437,"affected":454},"CVE-2018-20676","In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46],"GHSA-3mgp-fx93-9xv5",[],[49,51,53,55,57,59,61,63,65],{"_key":50},"DEBIAN-CVE-2018-20676",{"_key":52},"RHBA-2019:1076",{"_key":54},"RHBA-2019:1570",{"_key":56},"RHSA-2019:3023",{"_key":58},"RHSA-2020:3936",{"_key":60},"RHSA-2020:4670",{"_key":62},"RHSA-2020:5571",{"_key":64},"RHSA-2023:5693",{"_key":66},"UBUNTU-CVE-2018-20676",[],[69],{"_key":70},"CGA-FHR2-585V-HJ6M","2019-01-09T05:00:00.000Z","2024-08-05T12:05:17.824Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":76,"epss_score":77,"severity":78,"severity_score":79,"severity_version":80,"severity_source":81,"severity_vector":82,"severity_status":73},false,"low",0.05541,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[84,96,100,105,110,114,120,124,128,132,136,140,146,151,156,160,164,169,173,177],{"url":85,"sources":86,"tags":91},"https://github.com/twbs/bootstrap/issues/27044",[87,81,88,89,90],"cve.org","osv_npm","osv_maven","osv_nuget",[92,93,94,95],"X Refsource MISC","Issue Tracking","Third Party Advisory","WEB",{"url":97,"sources":98,"tags":99},"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",[87,81,88,89,90],[92,93,94,95],{"url":101,"sources":102,"tags":103},"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",[87,81],[92,104,94],"Release Notes",{"url":106,"sources":107,"tags":108},"https://github.com/twbs/bootstrap/pull/27047",[87,81,88,89,90],[92,109,94,95],"Patch",{"url":111,"sources":112,"tags":113},"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628",[87,81,88,89,90],[92,94,95],{"url":115,"sources":116,"tags":117},"https://access.redhat.com/errata/RHSA-2019:1456",[87,81,88,89,90],[118,119,95],"Vendor Advisory","X Refsource REDHAT",{"url":121,"sources":122,"tags":123},"https://access.redhat.com/errata/RHBA-2019:1076",[87,81,88,89,90],[118,119,95],{"url":125,"sources":126,"tags":127},"https://access.redhat.com/errata/RHBA-2019:1570",[87,81,88,89,90],[118,119,95],{"url":129,"sources":130,"tags":131},"https://access.redhat.com/errata/RHSA-2019:3023",[87,81,88,89,90],[118,119,95],{"url":133,"sources":134,"tags":135},"https://access.redhat.com/errata/RHSA-2020:0132",[87,81,88,89,90],[118,119,95],{"url":137,"sources":138,"tags":139},"https://access.redhat.com/errata/RHSA-2020:0133",[87,81,88,89,90],[118,119,95],{"url":141,"sources":142,"tags":143},"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E",[87,81],[144,145],"Mailing List","X Refsource MLIST",{"url":147,"sources":148,"tags":149},"https://www.tenable.com/security/tns-2021-14",[87,81],[150],"X Refsource CONFIRM",{"url":152,"sources":153,"tags":154},"https://nvd.nist.gov/vuln/detail/CVE-2018-20676",[88,89,90],[155],"Advisory",{"url":157,"sources":158,"tags":159},"https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d",[88,89,90],[95],{"url":161,"sources":162,"tags":163},"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",[88,89,90],[95],{"url":165,"sources":166,"tags":167},"https://github.com/twbs/bootstrap",[88,89,90],[168],"PACKAGE",{"url":170,"sources":171,"tags":172},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml",[88,89,90],[95],{"url":174,"sources":175,"tags":176},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml",[88,89,90],[95],{"url":178,"sources":179,"tags":180},"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0",[88,89,90],[95],[],{"date":183,"score":77,"percentile":184},"2026-06-04",0.90427,[186,190,193,196,199,202,205,207,209,212,215,218,220,223,225,229,232,235,237,239,242,244,247,249,252,255,258,260,264,267,269,272,275,277,280,282,284,287,290,293,296,299,301,303,306,309,312,314,317,319,322,325,328,331,335,338,341,344,347,350,353,356,359,362,364,367,370,373,376,378,380,383,386,389,392,394,397,399,402,405,408,411,414,417,420,423,426,429,431,434],{"date":187,"score":188,"percentile":189},"2025-11-04",0.06144,0.90388,{"date":191,"score":188,"percentile":192},"2025-11-05",0.90387,{"date":194,"score":188,"percentile":195},"2025-11-06",0.90385,{"date":197,"score":188,"percentile":198},"2025-11-07",0.90393,{"date":200,"score":188,"percentile":201},"2025-11-08",0.90395,{"date":203,"score":188,"percentile":204},"2025-11-09",0.90394,{"date":206,"score":188,"percentile":204},"2025-11-10",{"date":208,"score":188,"percentile":204},"2025-11-11",{"date":210,"score":188,"percentile":211},"2025-11-12",0.90401,{"date":213,"score":188,"percentile":214},"2025-11-13",0.90404,{"date":216,"score":188,"percentile":217},"2025-11-14",0.90406,{"date":219,"score":188,"percentile":214},"2025-11-15",{"date":221,"score":188,"percentile":222},"2025-11-16",0.90407,{"date":224,"score":188,"percentile":214},"2025-11-17",{"date":226,"score":227,"percentile":228},"2025-11-18",0.03318,0.86036,{"date":230,"score":227,"percentile":231},"2025-11-19",0.86037,{"date":233,"score":227,"percentile":234},"2025-11-20",0.86038,{"date":236,"score":188,"percentile":217},"2025-11-21",{"date":238,"score":188,"percentile":217},"2025-11-22",{"date":240,"score":188,"percentile":241},"2025-11-23",0.90405,{"date":243,"score":188,"percentile":217},"2025-11-24",{"date":245,"score":188,"percentile":246},"2025-11-25",0.90409,{"date":248,"score":188,"percentile":246},"2025-11-26",{"date":250,"score":188,"percentile":251},"2025-11-27",0.90408,{"date":253,"score":188,"percentile":254},"2025-11-28",0.90399,{"date":256,"score":188,"percentile":257},"2025-11-29",0.90431,{"date":259,"score":188,"percentile":257},"2025-11-30",{"date":261,"score":262,"percentile":263},"2025-12-01",0.02679,0.85399,{"date":265,"score":262,"percentile":266},"2025-12-02",0.85404,{"date":268,"score":262,"percentile":266},"2025-12-03",{"date":270,"score":188,"percentile":271},"2025-12-04",0.90433,{"date":273,"score":188,"percentile":274},"2025-12-05",0.9044,{"date":276,"score":188,"percentile":274},"2025-12-06",{"date":278,"score":188,"percentile":279},"2025-12-07",0.90437,{"date":281,"score":188,"percentile":279},"2025-12-08",{"date":283,"score":188,"percentile":274},"2025-12-09",{"date":285,"score":188,"percentile":286},"2025-12-10",0.90449,{"date":288,"score":188,"percentile":289},"2025-12-11",0.90454,{"date":291,"score":188,"percentile":292},"2025-12-12",0.90458,{"date":294,"score":188,"percentile":295},"2025-12-13",0.90459,{"date":297,"score":188,"percentile":298},"2025-12-14",0.90457,{"date":300,"score":188,"percentile":295},"2025-12-15",{"date":302,"score":188,"percentile":289},"2025-12-16",{"date":304,"score":188,"percentile":305},"2025-12-17",0.90461,{"date":307,"score":188,"percentile":308},"2025-12-18",0.90468,{"date":310,"score":188,"percentile":311},"2025-12-19",0.90469,{"date":313,"score":188,"percentile":311},"2025-12-20",{"date":315,"score":188,"percentile":316},"2025-12-21",0.90479,{"date":318,"score":188,"percentile":316},"2025-12-22",{"date":320,"score":188,"percentile":321},"2025-12-23",0.90481,{"date":323,"score":188,"percentile":324},"2025-12-24",0.90492,{"date":326,"score":188,"percentile":327},"2025-12-25",0.90502,{"date":329,"score":188,"percentile":330},"2025-12-26",0.90499,{"date":332,"score":333,"percentile":334},"2025-12-27",0.03636,0.87523,{"date":336,"score":188,"percentile":337},"2025-12-28",0.90496,{"date":339,"score":188,"percentile":340},"2025-12-29",0.90493,{"date":342,"score":188,"percentile":343},"2025-12-30",0.90498,{"date":345,"score":188,"percentile":346},"2025-12-31",0.90509,{"date":348,"score":262,"percentile":349},"2026-01-01",0.85465,{"date":351,"score":262,"percentile":352},"2026-01-02",0.85466,{"date":354,"score":262,"percentile":355},"2026-01-03",0.85464,{"date":357,"score":188,"percentile":358},"2026-01-04",0.90511,{"date":360,"score":188,"percentile":361},"2026-01-05",0.90508,{"date":363,"score":188,"percentile":358},"2026-01-06",{"date":365,"score":188,"percentile":366},"2026-01-07",0.90514,{"date":368,"score":188,"percentile":369},"2026-01-08",0.90516,{"date":371,"score":188,"percentile":372},"2026-01-09",0.90517,{"date":374,"score":188,"percentile":375},"2026-01-10",0.90519,{"date":377,"score":188,"percentile":358},"2026-01-11",{"date":379,"score":188,"percentile":358},"2026-01-12",{"date":381,"score":188,"percentile":382},"2026-01-13",0.9051,{"date":384,"score":188,"percentile":385},"2026-01-14",0.90523,{"date":387,"score":188,"percentile":388},"2026-01-15",0.90526,{"date":390,"score":188,"percentile":391},"2026-01-16",0.90529,{"date":393,"score":188,"percentile":388},"2026-01-17",{"date":395,"score":188,"percentile":396},"2026-01-18",0.90528,{"date":398,"score":188,"percentile":396},"2026-01-19",{"date":400,"score":188,"percentile":401},"2026-01-20",0.9053,{"date":403,"score":188,"percentile":404},"2026-01-21",0.90531,{"date":406,"score":188,"percentile":407},"2026-01-22",0.90534,{"date":409,"score":188,"percentile":410},"2026-01-23",0.90543,{"date":412,"score":188,"percentile":413},"2026-01-24",0.9055,{"date":415,"score":188,"percentile":416},"2026-01-25",0.90551,{"date":418,"score":188,"percentile":419},"2026-01-26",0.90553,{"date":421,"score":188,"percentile":422},"2026-01-27",0.90557,{"date":424,"score":188,"percentile":425},"2026-01-28",0.90563,{"date":427,"score":188,"percentile":428},"2026-01-29",0.90564,{"date":430,"score":188,"percentile":425},"2026-01-30",{"date":432,"score":188,"percentile":433},"2026-01-31",0.90574,{"date":435,"score":262,"percentile":436},"2026-02-01",0.85518,[438,448,450,452],{"source":81,"cvss_v2_0":439,"cvss_v3_0":444,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":440,"baseSeverity":9,"vectorString":441,"impactScore":442,"exploitabilityScore":443},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":79,"baseSeverity":445,"vectorString":82,"impactScore":446,"exploitabilityScore":447},"MEDIUM",4.5,7.2,{"source":88,"cvss_v2_0":9,"cvss_v3_0":449,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":9,"vectorString":82,"impactScore":446,"exploitabilityScore":447},{"source":89,"cvss_v2_0":9,"cvss_v3_0":451,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":9,"vectorString":82,"impactScore":446,"exploitabilityScore":447},{"source":90,"cvss_v2_0":9,"cvss_v3_0":453,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":9,"vectorString":82,"impactScore":446,"exploitabilityScore":447},[455,468,473,477,484,491,497,500],{"ecosystem":456,"name":457,"vendor":458,"product":459,"cpe_part":9,"purl_type":460,"purl_namespace":458,"purl_name":459,"source":9,"versions":461},"Packagist","twbs/bootstrap","twbs","bootstrap","composer",[462],{"version":463,"is_range":464,"range_type":465,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},"lt3_4_0",true,"ecosystem","3.4.0","excluding",{"ecosystem":469,"name":459,"vendor":469,"product":459,"cpe_part":9,"purl_type":470,"purl_namespace":9,"purl_name":459,"source":9,"versions":471},"RubyGems","gem",[472],{"version":463,"is_range":464,"range_type":465,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},{"ecosystem":469,"name":474,"vendor":469,"product":474,"cpe_part":9,"purl_type":470,"purl_namespace":9,"purl_name":474,"source":9,"versions":475},"bootstrap-sass",[476],{"version":463,"is_range":464,"range_type":465,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},{"ecosystem":9,"name":459,"vendor":478,"product":459,"cpe_part":479,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":480},"getbootstrap","a",[481],{"version":482,"is_range":464,"range_type":483,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},"lt3.4.0","cpe",{"ecosystem":485,"name":486,"vendor":487,"product":459,"cpe_part":9,"purl_type":488,"purl_namespace":487,"purl_name":459,"source":9,"versions":489},"Maven","org.webjars:bootstrap","org.webjars","maven",[490],{"version":463,"is_range":464,"range_type":465,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},{"ecosystem":492,"name":459,"vendor":492,"product":459,"cpe_part":9,"purl_type":493,"purl_namespace":9,"purl_name":459,"source":9,"versions":494},"Npm","npm",[495],{"version":463,"is_range":464,"range_type":496,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},"semver",{"ecosystem":492,"name":474,"vendor":492,"product":474,"cpe_part":9,"purl_type":493,"purl_namespace":9,"purl_name":474,"source":9,"versions":498},[499],{"version":463,"is_range":464,"range_type":496,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},{"ecosystem":501,"name":459,"vendor":501,"product":459,"cpe_part":9,"purl_type":502,"purl_namespace":9,"purl_name":459,"source":9,"versions":503},"NuGet","nuget",[504],{"version":463,"is_range":464,"range_type":465,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9}]