Bootstrap V4.0.0-alpha.6 Vulnerabilities Jun 2026

alpha.6 still contained remnants of the Affix plugin from Bootstrap 3 (removed in stable v4.0.0). This plugin had known prototype pollution vectors where modifying offset.top could lead to unexpected execution contexts.

Bootstrap v4.0.0-alpha.6, released in early 2017, contains several documented security vulnerabilities, primarily centered on . Because it is an alpha release of a now-deprecated version (v4 reached End of Life in January 2023), it no longer receives security patches. Primary Vulnerabilities bootstrap v4.0.0-alpha.6 vulnerabilities