diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index 339c2f48b1..8fbdf4d996 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -32,6 +32,10 @@
 // Nodejs ‘undici’ Vulnerable to CRLF
 // Used only in hardhat, so only in dev. Even then we dont use remote requests.
 "GHSA-5r9g-qh6m-jxff",
+ // https://github.com/advisories/GHSA-j8xg-fqg3-53r7
+ // word-wrap vulnerable to Regular Expression Denial of Service
+ // Used only in eslint, so only in dev.
+ "GHSA-j8xg-fqg3-53r7",
 // Open Zepplin
 ////////////
@@ -102,6 +106,12 @@
 // from: @arbitrum/nitro-contracts>hardhat>semver
 // from: arb-bridge-peripherals>arb-bridge-eth>hardhat>semver
 // Used only in dev.
- "GHSA-c2qf-rxjj-qqgw"
+ "GHSA-c2qf-rxjj-qqgw",
+ // https://github.com/advisories/GHSA-g4vp-m682-qqmp
+ // OpenZeppelin Contracts vulnerable to Improper Escaping of Output
+ // from: @arbitrum/nitro-contracts>@openzeppelin/contracts-upgradeable
+ // from @arbitrum/nitro-contracts>@openzeppelin/contracts
+ // We don't use ERC2771Context
+ "GHSA-g4vp-m682-qqmp"
 ]
 }
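Review bot: The new `"GHSA-j8xg-fqg3-53r7"` entry in the first hunk is allowlisted by bare advisory ID, so it stays silenced on every dependency path, not only the eslint one the comment cites. Unlike the entries in the second hunk, it records no `from:` chain, so a later reader cannot check the "only in dev" claim without re-running the audit. I would add the chain as a comment, e.g. `// from: <eslint dependency path>word-wrap` (placeholder, take the real path from the audit output). If the audit-ci version in use supports path-scoped entries, writing it as `"GHSA-j8xg-fqg3-53r7|<dependency path>"` would make a new production path to word-wrap fail the audit again.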
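Review bot: The `"GHSA-g4vp-m682-qqmp"` entry in the second hunk is the only one here not marked dev-only; it appears to silence an advisory on contract libraries that ship (`@openzeppelin/contracts` and `contracts-upgradeable`). Its sole justification is `We don't use ERC2771Context`, which nothing in the config enforces, so the audit stays green if a contract later inherits ERC2771Context. I would extend the comment to say how that was checked and when the entry should go, e.g. `// Verified: no contract imports ERC2771Context; remove once OpenZeppelin is upgraded to the patched release`. A CI check that fails when `ERC2771Context` appears in the contracts tree would keep the claim true. The second path line is also missing its colon (`// from @arbitrum/...` should read `// from: @arbitrum/...`).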