diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index 6496c8b7f561e..5e3456fda76a2 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -42,6 +42,11 @@
     # Node.js issue unrelated to http-parser, see
     # https://github.com/mhart/StringStream/issues/7.
     'CVE-2018-21270',
+    # These should not affect Curl 7.74.0, but we see false positives due to the
+    # relative release date and CPE wildcard.
+    'CVE-2020-8169',
+    'CVE-2020-8177',
+    'CVE-2020-8284',
 ])
 
 # Subset of CVE fields that are useful below.