Nugetauditsuppress Link

warning NU1901: Package 'Newtonsoft.Json' 12.0.1 has a known critical vulnerability. This audit is controlled by two main properties:

Date: April 14, 2026 Subject: Analysis of the NuGetAuditSuppress MSBuild property 1. Executive Summary NuGetAuditSuppress is an MSBuild property introduced in .NET 8 (and backported to certain .NET 7 SDKs) to control the NuGet vulnerability audit feature. By default, dotnet restore and dotnet build report known security vulnerabilities in your project’s transitive or direct packages. Setting NuGetAuditSuppress to true silences these warnings entirely. 2. Background: NuGet Audit Since .NET 8, the NuGet client automatically queries the NuGet Vulnerability Database during restore. If a package with a known, unpatched vulnerability (CVE) is referenced, the build produces warnings like: nugetauditsuppress

dotnet list package --vulnerable NuGetAuditSuppress is a quick but heavy-handed tool. It should be used temporarily or very selectively in non-production builds. For most teams, adjusting NuGetAuditLevel or explicitly fixing vulnerable packages is a safer, more maintainable approach. If you must suppress, document the reason and set a reminder to revisit. Recommendation: Avoid NuGetAuditSuppress=true in CI/CD or release builds. Prefer NuGetAudit=false if you must skip auditing, and use dedicated software composition analysis (SCA) tools for proper vulnerability management. warning NU1901: Package 'Newtonsoft

dotnet restore --verbosity detailed | grep "Audit" Or list vulnerabilities regardless of suppression: By default, dotnet restore and dotnet build report