Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-03
https://snyk.io/vuln/SNYK-JS-JQUERY-565129