hi @wim.vandebrug,
we do assess boostrap vulnerabilities
a couple of examples:
- CVE-2024-6485 | Vulnerability Database | Aqua Security
(we don’t use bootstrap buttons) - CVE-2025-1647 | Vulnerability Database | Aqua Security
(we no longer use bootstrap components)
neither of which anvil is affected by.
note anvil-extras prior to 3.0.0 was using bootstrap popovers, so you may wish to upgrade to the latest version of anvil-extras which no longer uses any bootstrap components.
If there are any other bootstrap related CVEs you want us to look at let us know
If you want to remove bootstrap from your app, that’s also possible
see this post