Never-Ending Support for Bootstrap versions  2.x, 3.x, 4.x

Bootstrap NES

Bootstrap Never-Ending Support (NES) by HeroDevs means you can stay secure, compatible, and compliant without migrating away.

White arrow
Get Pricing
View Docs
IMPORTANT
Get NES for Bootstrap now to stay protected from CVE-2024-6484, CVE-2024-6485, and CVE-2024-6531
Bootstrap Framework Logo

Bootstrap NES

is a secure drop-in replacement for

Bootstrap versions 2 - 4

and takes just a few minutes to set up.

Step 1
Update your package.json
Step 2
Set up token
Step 3
Install & Run!
CVE Protection

7 Security Issues Fixed in Bootstrap NES
(and always looking for more)

By purchasing Bootstrap Never-Ending Support from HeroDevs, you’re ensuring that your Bootstrap application stays secure and these vulnerabilities are mitigated. As more CVEs are discovered, you can rest easy knowing HeroDevs has remediated those issues before they’re ever announced publicly.

If you’re currently using Bootstrap 2, 3 or 4 in your application’s tech stack, your application is vulnerable to the CVEs listed below.

For users of Bootstrap 3, you may be using bootstrap-sass.
Bootstrap-sass is protected by HeroDevs as part of Bootstrap NES.

Switch to Bootstrap NES in minutes to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
CVE-2024-6531
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=4.0.0 <=4.6.2
Jul 11, 2024
Medium
CVE-2024-6485
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=1.4.0 <=3.4.1
Jul 11, 2024
Medium
CVE-2024-6484
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=3.2.0 <=3.4.1
Jul 11, 2024
Medium
CVE-2019-8331
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.1
Feb 28, 2025
Medium
CVE-2018-14042
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2
Feb 28, 2025
Medium
CVE-2018-14040
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2
Feb 28, 2025
Medium
CVE-2016-10735
Open in new tab icon
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.0.0-beta.2
Feb 28, 2025
For more details on CVEs found in end-of-life software, visit our vulnerability directory.
Vulnerability Directory
Arrow
Report A Vulnerability

What is Never-Ending Support?

Security icon
Security Fixes
A new version of Bootstrap NES will be released each time we find, validate, and fix a security issue.
Compatibility icon
Drop-In Compatibility
A direct replacement for your framework—no migrations, no rewrites, just ongoing support.
SLA Compliance
HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.
Learn more.
Team of Experts
Bootstrap NES is built and maintained by core team members of Bootstrap to ensure the same excellent quality of support you expect.
Easy to Install
Our simple drop-in replacement means all you have to do is change your package.json and rebuild your project. No code changes or find & replace required.
Intellectual Property Protection
Bootstrap NES is not only secure; HeroDevs also offers enterprise-level protection for all products.
Learn more.

The Problem We Solve

56%
of all Bootstrap downloads on NPM are no longer supported by Bootstrap.
Is your website one of them?
As of March 2024, Bootstrap was downloaded from NPM 4,411,001 times. 2,481,882 were version 3 or 4 – versions that Bootstrap no longer supports. (Source)

Using unsupported versions of Bootstrap leaves your website vulnerable to cyberattacks, violates compliance standards, and becomes incompatible with dependencies over time. Many companies don’t have the budget, time, or other resources to upgrade or migrate.
Bootstrap Never-Ending Support by HeroDevs means you can keep using the older versions you have and stay secure, compatible, and compliant without migrating away.
Why herodevs?

We Partner with Core Contributors

Our official collaboration with Bootstrap's core team and principal contributors directly enhances the reliability of our Bootstrap Never-Ending Support (NES) product.

By involving core maintainers of the library, we set a new standard in open source software maintenance to ensure that Bootstrap NES is as dependable as the original technology it’s built on.
Mark Otto
Creator of Bootstrap
Github icon
Fotis
Bootstrap Core Team Member
Github icon
George
Bootstrap Maintainer
Github icon
We Give Back To Open Source
HeroDevs is deeply committed to the open-source community. We support open source through sponsorships, backing core contributors, and funding events that drive the ecosystem forward. Our engagement extends beyond financial contributions, embodying a commitment to the ongoing growth and innovation of open-source software. This holistic support ensures the vitality of the open-source movement, fostering an environment of collaboration and advancement.

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.
View All Products
Arrow
Vuetify NES
ESLint NES
Nuxt NES
jQuery NES
Angular NES
AngularJS NES
Protractor NES

Related Blog Posts

Thought Leadership
May 9, 2025
Broadcom vs. VMware Users: What This Means for the Future of Software Ownership
What Broadcom’s actions toward VMware users reveal about the future of software licensing—and why HeroDevs is committed to doing things differently.
Thought Leadership
May 8, 2025
EU’s Sovereign Tech Fund: Securing Open‑Source Sustainability and Why It Matters
Why the EU’s Sovereign Tech Fund Could Be the Most Important Investment in Open Source Since the Linux Foundation—and What HeroDevs Has Already Been Doing About It
Thought Leadership
May 6, 2025
EasyJSON Security Concerns and the Open Source Supply Chain
How EasyJSON’s ties to VK Group are forcing the open source community to reexamine trust, sanctions, and software supply chain risk.
More posts
Leaping over technology stacks in a single bound!

Defeat Your Technical Villains

Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!
NES ProductsPro Services

Contact Us

Got questions about Never-Ending Support for your open-source library? We're here to help!

Discover how HeroDevs NES Products can keep your systems secure and compliant.

Learn how our solutions can deliver value to your organization.

Get detailed pricing information tailored to your needs.

Trusted by industry leaders such as
Microsoft LogoBank Santander Logo SAP LogoFinra LogoCapital One LogoGeneral Electric LogoUnqork LogoGoogle LogoValid 8 logoQueenslandRail logoGSA logoDepartment of Health logo
Talk to an Expert

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Manage Consent Preferences by Category
Essentials
Always active

Necessary for the site to function. Always On.

Used for targeted advertising.

Remembers your preferences and provides enhanced features.

Measures usage and improves your experience.

Reject AllAccept All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.