Packages flagged with CVE originates from ironbank repo

I see that the packages that were flagged with CVE actually comes from the ironbank repos ... ubi-8-appstream .... How do we request from platform one to update these repos to the latest version of these packages (wget and python3) or have these package versions whitelisted ?