Composer Audit Ignore NO CVE Vulnerability #12531

TRTKnik · 2025-09-08T11:42:55Z

TRTKnik
Sep 8, 2025

I have a question about the usage of composer audit with a configurable ignore block
I added a few vulnerabilities to the ignore block via CVE identifiers

Something like that:

"config": {
    "audit": {
        "abandoned": "ignore",
        "ignore": ["CVE-2021-3902", "CVE-2021-3838"]
    }
}

But I found one that can not be ignored because it does not contain CVE (CVE is NO CVE):

How can I ignore such a vulnerability?

Composer version is 2.7.7

Thanks in advance!

Answered by glaubinix

Sep 8, 2025

You can for instance use the GitHub advisory ID instead, see https://getcomposer.org/doc/06-config.md#ignore

View full answer

glaubinix · 2025-09-08T11:47:54Z

glaubinix
Sep 8, 2025

You can for instance use the GitHub advisory ID instead, see https://getcomposer.org/doc/06-config.md#ignore

1 reply

TRTKnik Sep 8, 2025
Author

Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Composer Audit Ignore NO CVE Vulnerability #12531

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Composer Audit Ignore NO CVE Vulnerability #12531

Uh oh!

TRTKnik Sep 8, 2025

Replies: 1 comment · 1 reply

Uh oh!

glaubinix Sep 8, 2025

Uh oh!

TRTKnik Sep 8, 2025 Author

TRTKnik
Sep 8, 2025

Replies: 1 comment 1 reply

glaubinix
Sep 8, 2025

TRTKnik Sep 8, 2025
Author