diff --git a/.github/workflows/cve-scan.yml b/.github/workflows/cve-scan.yml index ab601ea7..b6392031 100644 --- a/.github/workflows/cve-scan.yml +++ b/.github/workflows/cve-scan.yml @@ -15,4 +15,4 @@ jobs: - uses: gradle/gradle-build-action@v2 with: gradle-version: 7.4.1 - arguments: dependencyCheckAggregate + arguments: ':dependencyCheckAggregate' diff --git a/README.md b/README.md index ec4e24d0..b81ad182 100644 --- a/README.md +++ b/README.md @@ -347,7 +347,7 @@ If you want to skip end-to-end tests completely, run The project integrates CVE scanning to check for vulnerable dependencies. In case of build failure, this can be caused by a high-risk vulnerability in a dependency being identified. You can run the reporting locally: ``` -./gradlew dependencyCheckAggregate +./gradlew :dependencyCheckAggregate open build/reports/dependency-check-report.html ``` diff --git a/build.gradle b/build.gradle index e0a62eda..992b9e3c 100644 --- a/build.gradle +++ b/build.gradle @@ -2,13 +2,17 @@ plugins { id 'eclipse' id 'idea' id 'com.github.ben-manes.versions' version '0.42.0' - id 'org.owasp.dependencycheck' version '7.1.0.1' + id 'org.owasp.dependencycheck' version '7.1.1' } // CVE vulnerability scanning -// run: ./gradlew dependencyCheckAggregate +// run: ./gradlew :dependencyCheckAggregate dependencyCheck { - failBuildOnCVSS = '9' + failBuildOnCVSS = 5 + suppressionFile = 'cve-suppressions.xml' + analyzers { + assemblyEnabled = false + } } diff --git a/cve-suppressions.xml b/cve-suppressions.xml new file mode 100644 index 00000000..08efa209 --- /dev/null +++ b/cve-suppressions.xml @@ -0,0 +1,19 @@ + + + + + CVE-2016-1000027 + + + + ^pkg:maven/org\.jetbrains\.kotlin/kotlin\-.*$ + cpe:/a:jetbrains:kotlin + CVE-2020-29582 + CVE-2022-24329 + + diff --git a/gradle.properties b/gradle.properties index 2efbb30c..7ab96cb2 100644 --- a/gradle.properties +++ b/gradle.properties 
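Review bot: `failBuildOnCVSS = 5` moves the gate from critical-only (the old '9') to medium-and-above, and together with `suppressionFile` and `assemblyEnabled = false` it lands in the dependencyCheck block with no comment explaining any of the three choices; the README hunk in this same diff still tells developers that a failure means a "high-risk" vulnerability, which no longer matches a 5.0 threshold. I would replace the bare `// CVE vulnerability scanning` header with something like `// Fail the build on any dependency scoring CVSS >= 5 (medium or worse); false positives belong in cve-suppressions.xml with a justification and an expiry.` and add above the analyzers block `// .NET assembly analyzer off: needs a dotnet/mono runtime on the scanning host (JVM-only build)`. The "JVM-only" reason is my inference from the Gradle/Kotlin/Spring context, so confirm it is the real reason before writing it down. It is also worth stating in the comment whether 5 is meant against the v2 or v3 score, since the plugin applies the threshold to the scores it has and a reader should not have to guess.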
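Review bot: None of the new suppressions carries an expiry or a recorded justification as rendered here, so CVE-2016-1000027 and the two Kotlin CVEs stay silenced indefinitely — including after the spring-web or kotlin-stdlib versions that triggered them are bumped — and the next reader cannot tell why they were judged non-applicable. Each `<suppress>` should get an `until="YYYY-MM-DD"` attribute so the decision is revisited, plus a `<notes>` element with the reason; for CVE-2016-1000027 that would be along the lines of "only reachable via HttpInvokerServiceExporter / RemoteInvocationSerializingExporter, which this project does not use" (verify that claim against the codebase before recording it). The Kotlin entry is scoped by a `packageUrl` regex and a `cpe`, but the CVE-2016-1000027 entry shows no scope at all in this rendering (the XML tags appear stripped by extraction); if it really is a bare `<cve>` it matches that ID in every dependency, and should be restricted with `<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>`.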
@@ -2,9 +2,9 @@ project.version=0.23.0
 ## dependency versions
-jackson.version=2.13.1
+jackson.version=2.13.3
 slf4j.version=1.7.25
-spring.version=5.3.18
+spring.version=5.3.20
 mockito.version=4.3.1
 junit.version=4.13.1
 testContainersV=1.16.2