diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index 97aab18224fc8..3279f4855e5f3 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -34,6 +34,9 @@
     'CVE-2020-8252',
     # Fixed via the nghttp2 1.41.0 bump in Envoy 8b6ea4.
     'CVE-2020-11080',
+    # Node.js issue rooted in a c-ares bug. Does not appear to affect
+    # http-parser or our use of c-ares, c-ares has been bumped regardless.
+    'CVE-2020-8277',
 ])
 
 # Subset of CVE fields that are useful below.