diff --git a/gems/bootstrap/CVE-2018-14041.yml b/gems/bootstrap/CVE-2018-14041.yml
new file mode 100644
index 0000000000..141d11be9b
--- /dev/null
+++ b/gems/bootstrap/CVE-2018-14041.yml
@@ -0,0 +1,28 @@
+---
+gem: bootstrap
+cve: 2018-14041
+ghsa: 3wqf-4x89-9g79
+url: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
+title: Bootstrap vulnerable to Cross-Site Scripting (XSS)
+date: 2018-09-13
+description: |
+ In Bootstrap before 4.1.2, XSS is possible in the collapse
+ data-parent attribute.
+cvss_v3: 6.1
+patched_versions:
+ - ">= 4.1.2"
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-14040
+ - https://github.com/twbs/bootstrap/issues/26625
+ - https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
+ - https://github.com/twbs/bootstrap/issues/26423
+ - https://github.com/twbs/bootstrap/issues/26628
+ - https://github.com/twbs/bootstrap/pull/26630
+ - https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
+ - https://github.com/twbs/bootstrap/blob/v3.4.1/js/collapse.js#L140
+ - https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html
+ - https://seclists.org/bugtraq/2019/May/18
+ - https://www.oracle.com/security-alerts/cpuApr2021.html
+ - https://www.tenable.com/security/tns-2021-14
+ - https://github.com/advisories/GHSA-3wqf-4x89-9g79
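Review bot: The identifiers in this new advisory do not agree with each other: the file name and `cve:` field say 2018-14041, but the first `related` URL points at the NVD entry for CVE-2018-14040, and the description (collapse `data-parent`) appears to be the text of that sibling CVE rather than this one. As far as I recall, CVE-2018-14041 covers the scrollspy `data-target` property, so the description, the `collapse.js` link and the `ghsa:` value should each be checked against the NVD and GHSA records for 14041 before merging. If the file is meant to describe 14041, the NVD link would become `- https://nvd.nist.gov/vuln/detail/CVE-2018-14041`. Audit tooling and triagers key on these fields, so a mismatched record can lead someone to dismiss or mis-track the finding.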