diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index bf4570970d26..6496c8b7f561 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -39,6 +39,9 @@
     'CVE-2020-8277',
     # gRPC issue that only affects Javascript bindings.
     'CVE-2020-7768',
+    # Node.js issue unrelated to http-parser, see
+    # https://github.com/mhart/StringStream/issues/7.
+    'CVE-2018-21270',
 ])
 
 # Subset of CVE fields that are useful below.