We're using the Dependency-Check Jenkins plugin version 3.3.4 to analyze our software and are experimenting a buggy behavior. Every time we do a scan the plugin says that we got: 

12 new vulnerabilities
12 Fixed vulnerabilities

And the problem is that all of them are the same vulnerabilities, scan after scan, related to the Bouncy Castle provider: bcprov-jdk15on.jar