jQuery is so complex as a JavaScript library that given time smart hackers will eventually find a security vulnerability. As I write this article in May 2020 the latest version of jQuery is version 3.5.0 which was released on April 10th, 2020.
jQuery 3.5.0 included multiple security fixes because ALL old version of jQuery has security vulnerabilities and we can pretty much assume a smart hacker will find a vulnerability in version 3.5.0.
Medium Risk – Cross-site Scripting (XSS) for jQuery versions <3.5.0 jQuery vulnerability published on 29 Apr, 2020
Medium Risk – Cross-site Scripting (XSS) for jQuery versions >=2.2.0 <3.5.0 jQuery vulnerability published on 13 Apr, 2020
Medium Risk – Prototype Pollution for jQuery versions <3.4.0 jQuery vulnerability published on 27 Mar, 2019
Low Risk – Denial of Service (DoS) for jQuery versions >=3.0.0-rc1 <3.0.0 jQuery vulnerability published on 26 Dec, 2016
Medium Risk – Cross-site Scripting (XSS) for jQuery versions <1.12.2,>=1.12.3 <2.2.2,>=2.2.3 <3.0.0 jQuery vulnerability published on 27 Nov, 2016
Medium Risk – Cross-site Scripting (XSS) for jQuery versions <1.6.3 jQuery vulnerability published on 20 Oct, 2016
Medium Risk – Cross-site Scripting (XSS) for jQuery versions >=1.7.1 <1.9.0 jQuery vulnerability published on 20 Oct, 2016
Medium Risk – Cross-site Scripting (XSS) for jQuery versions >=1.4.2 <1.6.2 jQuery vulnerability published on 20 Oct, 2016
Continue Reading Includes front-end JavaScript libraries with known security vulnerabilities