Is it possible to ignore 'low' severity vulnerabilities?