by AgentME
3387 days ago
I wouldn't say that jQuery has a vulnerability, but it having tons of APIs that have an overload supporting injecting HTML from a string makes it easy to write vulnerable code (compare to React, where the only way to inject HTML from a string requires using a very explicit API involving typing "unsafe") and hard to identify vulnerable code (I can't easily ctrl-f through a codebase for easy-to-misuse functions, because most of the calls will be calls to safer element-taking overloads that I can only identify by following the code backwards).
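
The search problem described in the comment above, as an added example that is not part of the comment: a text-level triage of jQuery calls whose string overload parses HTML. The method list, the function names `classifyArg` and `triage`, and the sample source are assumptions constructed for illustration.

```javascript
// jQuery methods that accept either an element/jQuery object or an HTML string.
// (Illustrative subset chosen for this example.)
const SINKS = ['html', 'append', 'prepend', 'after', 'before'];
const CALL = new RegExp(`\\.(${SINKS.join('|')})\\(([^()]*)\\)`, 'g');

// Classify the argument using only what is visible at the call site.
function classifyArg(arg) {
  const a = arg.trim();
  if (a === '') return 'no-argument';            // getter form, e.g. .html()
  // A single quoted literal with nothing concatenated onto it.
  if (/^(['"])(?:(?!\1).)*\1$/.test(a)) return 'constant-string';
  return 'needs-tracing';                        // identifier or expression
}

// Return one finding per sink call: line number, method, verdict.
function triage(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(CALL)) {
      findings.push({ line: i + 1, method: m[1], verdict: classifyArg(m[2]) });
    }
  });
  return findings;
}

// Constructed sample input, not taken from any real codebase.
const SAMPLE = [
  "$('#title').html('<b>Welcome</b>');",      // constant markup
  "$('#list').append(itemEl);",               // element overload
  "$('#msg').html(params.message);",          // string from outside
  "var current = $('#msg').html();",          // getter
  "$('#box').append('<p>' + name + '</p>');", // concatenated markup
].join('\n');

function needsTracing(source) {
  return triage(source).filter(f => f.verdict === 'needs-tracing');
}

for (const f of triage(SAMPLE)) {
  console.log(`line ${f.line}: .${f.method}() -> ${f.verdict}`);
}
```

Lines 2 and 3 of the sample get the same verdict: the element-taking call and the string-taking call look identical at the call site, so each hit has to be traced back to where its argument was produced.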