Diffstat (limited to 'android')
-rw-r--r--android/config/dependency-check-suppression.xml7
-rw-r--r--android/gradle/osv-scanner.toml5
2 files changed, 12 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 2462a467ba..3b03ea05c0 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -49,4 +49,11 @@
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
<cve>CVE-2024-7254</cve>
</suppress>
+ <suppress until="2025-01-04Z">
+ <notes><![CDATA[
+ No impact since the app doesn't process externally crafted XML.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons-io/commons-io@.*$</packageUrl>
+ <cve>CVE-2024-47554</cve>
+ </suppress>
</suppressions>
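Review bot: The rationale in the added `<notes>` (repeated as `reason` in the android/gradle/osv-scanner.toml hunk) asserts that the app never processes externally crafted XML, but it does not record which dependency pulls in commons-io or whether the jar ships in the app or sits only on the build classpath. Without that, nobody can re-verify the claim when the entry expires. I would extend the note along the lines of `No impact: commons-io comes in via <dependency>; no code path passes untrusted input to its XML reader. Remove once <dependency> ships a fixed commons-io.` The `packageUrl` regex ends in `@.*$` and so matches every commons-io version, which is tolerable only because the entry is time-boxed. Keep the two expiry dates (`until="2025-01-04Z"` here, `ignoreUntil = 2025-01-04` in the TOML) in step if either is extended, so that one scanner does not keep hiding the finding after the other has started reporting it again.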
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index ce19dcfe26..6d28c7564d 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -73,6 +73,11 @@ id = "CVE-2024-7254" # GHSA-735f-pc8j-v9w8
ignoreUntil = 2024-11-02
reason = "Should not be applicable since client and server are always in sync and we are only communicating locally over UDS."
+[[IgnoredVulns]]
+id = "CVE-2024-47554" # GHSA-78wr-2p64-hpwj
+ignoreUntil = 2025-01-04
+reason = "No impact since the app doesn't process externally crafted XML."
+
[[PackageOverrides]]
name = "org.bouncycastle:bcprov-jdk15on"
ecosystem = "Maven"