diff --git a/docker-selenium.advisories.yaml b/docker-selenium.advisories.yaml
index 1071e09f0d..c8d06a41ab 100644
--- a/docker-selenium.advisories.yaml
+++ b/docker-selenium.advisories.yaml
@@ -89,3 +89,11 @@ advisories:
 componentType: java-archive
 componentLocation: /external_jars/https/repo1.maven.org/maven2/io/netty/netty-codec-http2/4.1.110.Final/netty-codec-http2-4.1.110.Final.jar
 scanner: grype
+ - timestamp: 2025-08-15T01:25:00Z
+ type: pending-upstream-fix
+ data:
+ note: |
+ The netty-codec-http2 vulnerability comes from the selenium-server dependency. Docker-selenium
+ is a collection of Docker images and scripts that packages selenium-server, not a Maven/Bazel
+ project itself. The fix needs to be applied in the selenium package first, which will then
+ flow through to docker-selenium when it's updated to use the fixed selenium-server version.
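Review bot: The `pending-upstream-fix` note gives no condition for closing the event: it names neither the netty-codec-http2 release that carries the fix nor the selenium advisory or issue where the bump is tracked, so the finding on the 4.1.110.Final jar can stay open with nothing prompting a re-check. I would end the note with a line such as `Revisit when selenium-server bundles netty-codec-http2 <FIXED-VERSION placeholder>; tracked in <selenium advisory/issue placeholder>.` It is also worth confirming that `pending-upstream-fix` is the intended event type, since the blocker described is the selenium package rather than, as the wording suggests, the docker-selenium upstream project itself. The advisory id and its earlier events sit above the hunk and are not visible here.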