diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index b6eb56c3527..2fe678928fd 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -11,16 +11,20 @@
 // Fix is available in VitePress 2.x with esbuild v0.25.x, but no stable release yet (only alpha).
 "GHSA-67mh-4wv8-2f99|vitepress>vite>esbuild",
- // We fix this vulnerability in the production code by overrides for the production build,
- // but the vulnerable version of minimatch is still used in development dependencies.
- // The reasoning is that it's a transitive dependency with a version that way bellow the fixed one (v3 vs v10) and
- // overriding such a version will break the development environment.
- "GHSA-3ppc-4f35-3m26|@eslint/eslintrc>minimatch>",
- "GHSA-3ppc-4f35-3m26|@istanbuljs/esm-loader-hook>test-exclude>minimatch",
- "GHSA-3ppc-4f35-3m26|babel-plugin-istanbul>test-exclude>minimatch",
- "GHSA-3ppc-4f35-3m26|eslint>@eslint/config-array>minimatch",
- "GHSA-3ppc-4f35-3m26|js-beautify>editorconfig>minimatch",
- "GHSA-3ppc-4f35-3m26|minimatch>",
- "GHSA-3ppc-4f35-3m26|nyc>test-exclude>minimatch",
+ // None of the tar vulnerabilities listed below can be exploited in the context of UI5 CLI.
+ // All archives handled by UI5 CLI are provided by SAP and hosted on the npm registry, hence
+ // they are seen as trusted sources.
+ // We nevertheless upgraded the tar dependency to the fixed version using overwrites in the package.json.
+ // This only affects productive dependencies though, not development dependencies.
+ "GHSA-34x7-hfp2-rc4v|@npmcli/metavuln-calculator>pacote>tar>",
+ "GHSA-34x7-hfp2-rc4v|licensee>@npmcli/arborist>pacote>tar",
+ "GHSA-83g3-92jg-28cx|@npmcli/metavuln-calculator>pacote>tar>",
+ "GHSA-83g3-92jg-28cx|licensee>@npmcli/arborist>pacote>tar",
+ "GHSA-8qq5-rm4j-mr97|@npmcli/metavuln-calculator>pacote>tar>",
+ "GHSA-8qq5-rm4j-mr97|licensee>@npmcli/arborist>pacote>tar",
+ "GHSA-qffp-2rhf-9h96|@npmcli/metavuln-calculator>pacote>tar>",
+ "GHSA-qffp-2rhf-9h96|licensee>@npmcli/arborist>pacote>tar",
+ "GHSA-r6q2-hw4h-h46w|@npmcli/metavuln-calculator>pacote>tar>",
+ "GHSA-r6q2-hw4h-h46w|licensee>@npmcli/arborist>pacote>tar",
 ]
 }
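Review bot: The justification comment added at the top of this block argues about archives "handled by UI5 CLI", but the ten allowlisted paths all run through `@npmcli/metavuln-calculator>pacote>tar` and `licensee>@npmcli/arborist>pacote>tar`, which are development tooling that presumably extracts whatever tarballs the registry serves to them, so the risk statement should be written for those consumers (why a malicious or corrupted tarball reaching them is out of scope) rather than for UI5 CLI's own archive handling. The line `// We nevertheless upgraded the tar dependency to the fixed version using overwrites in the package.json.` should say `overrides`, the actual package.json field, as the removed minimatch comment did. Because an audit-ci allowlist entry never expires on its own, add a revisit condition such as `// TODO: remove once pacote/@npmcli/arborist resolve a fixed tar` so the suppression does not outlive its reason. The two entries per advisory also differ in a trailing `>` (`...pacote>tar>` versus `...pacote>tar`); I cannot tell from this hunk whether audit-ci matches these path strings exactly, so confirm both forms against the paths audit-ci prints, otherwise one of each pair may silently never match. The enclosing allowlist array opens outside the hunk.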