Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
Discussion options

TRTKnik
Sep 8, 2025

I have a question about the usage of composer audit with a configurable ignore block
I added a few vulnerabilities to the ignore block via CVE identifiers

Something like that:

"config": {
    "audit": {
        "abandoned": "ignore",
        "ignore": ["CVE-2021-3902", "CVE-2021-3838"]
    }
}

But I found one that can not be ignored because it does not contain CVE (CVE is NO CVE):
photo_5330152700823860810_y

How can I ignore such a vulnerability?

Composer version is 2.7.7

Thanks in advance!
You must be logged in to vote
Answered by glaubinix Sep 8, 2025

You can for instance use the GitHub advisory ID instead, see https://getcomposer.org/doc/06-config.md#ignore

View full answer

Replies: 1 comment · 1 reply

Comment options

glaubinix
Sep 8, 2025

You can for instance use the GitHub advisory ID instead, see https://getcomposer.org/doc/06-config.md#ignore
You must be logged in to vote
1 reply
@TRTKnik
Comment options

TRTKnik Sep 8, 2025
Author

Thanks!
Answer selected by TRTKnik
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants
@TRTKnik @glaubinix
Morty Proxy This is a proxified and sanitized view of the page, visit original site.