diff --git a/dist/index.js b/dist/index.js
index a5b9f3f..a9b6a44 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -13436,7 +13436,7 @@ function getAlert(name, version, directory, client, context) {
 });
 }
 function trimSlashes(value) {
- return value.replace(/^\//, '').replace(/\/$/, '');
+ return value.replace(/^\/+/, '').replace(/\/+$/, '');
 }
 // EXTERNAL MODULE: ./node_modules/yaml/index.js
diff --git a/src/dependabot/verified_commits.test.ts b/src/dependabot/verified_commits.test.ts
index f143706..5a5a72c 100644
--- a/src/dependabot/verified_commits.test.ts
+++ b/src/dependabot/verified_commits.test.ts
@@ -2,7 +2,7 @@ import * as github from '@actions/github'
 import * as core from '@actions/core'
 import nock from 'nock'
 import { Context } from '@actions/github/lib/context'
-import { getMessage } from './verified_commits'
+import { getAlert, getMessage, trimSlashes } from './verified_commits'
 
 beforeAll(() => {
 nock.disableNetConnect()
@@ -130,6 +130,70 @@ test('it returns the commit message for a PR authored exclusively by Dependabot
 expect(await getMessage(mockGitHubClient, mockGitHubPullContext())).toEqual('Bump lodash from 1.0.0 to 2.0.0')
 })
 
+const query = '{"query":"\\n {\\n repository(owner: \\"dependabot\\", name: \\"dependabot\\") { \\n vulnerabilityAlerts(first: 100) {\\n nodes {\\n vulnerableManifestFilename\\n vulnerableManifestPath\\n vulnerableRequirements\\n state\\n securityVulnerability { \\n package { name } \\n }\\n securityAdvisory { \\n cvss { score }\\n ghsaId \\n }\\n }\\n }\\n }\\n }"}'
+
+const response = {
+ data: {
+ repository: {
+ vulnerabilityAlerts: {
+ nodes: [
+ {
+ vulnerableManifestFilename: 'package.json',
+ vulnerableManifestPath: 'wwwroot/package.json',
+ vulnerableRequirements: '= 4.0.1',
+ state: 'DISMISSED',
+ securityVulnerability: { package: { name: 'coffee-script' } },
+ securityAdvisory: { cvss: { score: 4.5 }, ghsaId: 'FOO' }
+ }
+ ]
+ }
+ }
+ }
+}
+
+test('it returns the alert state if it matches all 3', async () => {
+ nock('https://api.github.com').post('/graphql', query)
+ .reply(200, response)
+
+ expect(await getAlert('coffee-script', '4.0.1', '/wwwroot', mockGitHubClient, mockGitHubPullContext())).toEqual({ alertState: 'DISMISSED', cvss: 4.5, ghsaId: 'FOO' })
+})
+
+test('it returns the alert state if it matches 2 and the version is blank', async () => {
+ nock('https://api.github.com').post('/graphql', query)
+ .reply(200, response)
+
+ expect(await getAlert('coffee-script', '', '/wwwroot', mockGitHubClient, mockGitHubPullContext())).toEqual({ alertState: 'DISMISSED', cvss: 4.5, ghsaId: 'FOO' })
+})
+
+test('it returns default if it does not match the version', async () => {
+ nock('https://api.github.com').post('/graphql', query)
+ .reply(200, response)
+
+ expect(await getAlert('coffee-script', '4.0.2', '/wwwroot', mockGitHubClient, mockGitHubPullContext())).toEqual({ alertState: '', cvss: 0, ghsaId: '' })
+})
+
+test('it returns default if it does not match the directory', async () => {
+ nock('https://api.github.com').post('/graphql', query)
+ .reply(200, response)
+
+ expect(await getAlert('coffee-script', '4.0.1', '/', mockGitHubClient, mockGitHubPullContext())).toEqual({ alertState: '', cvss: 0, ghsaId: '' })
+})
+
+test('it returns default if it does not match the name', async () => {
+ nock('https://api.github.com').post('/graphql', query)
+ .reply(200, response)
+
+ expect(await getAlert('coffee', '4.0.1', '/wwwroot', mockGitHubClient, mockGitHubPullContext())).toEqual({ alertState: '', cvss: 0, ghsaId: '' })
+})
+
+test('trimSlashes should only trim slashes from both ends', () => {
+ expect(trimSlashes('')).toEqual('')
+ expect(trimSlashes('///')).toEqual('')
+ expect(trimSlashes('/abc/')).toEqual('abc')
+ expect(trimSlashes('/a/b/c/')).toEqual('a/b/c')
+ expect(trimSlashes('//a//b//c//')).toEqual('a//b//c')
+})
+
 const mockGitHubClient = github.getOctokit('mock-token')
 
 function mockGitHubOtherContext (): Context {
diff --git a/src/dependabot/verified_commits.ts b/src/dependabot/verified_commits.ts
index 885ed26..fd0c927 100644
--- a/src/dependabot/verified_commits.ts
+++ b/src/dependabot/verified_commits.ts
@@ -98,5 +98,5 @@ export async function getAlert (name: string, version: string, directory: string
 }
 
 export function trimSlashes (value: string): string {
- return value.replace(/^\//, '').replace(/\/$/, '')
+ return value.replace(/^\/+/, '').replace(/\/+$/, '')
 }
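Review bot: Every `nock('https://api.github.com').post('/graphql', query)` interceptor in the new getAlert tests matches the request body byte-for-byte against the hand-copied `query` string, so any whitespace or field-order change in the production GraphQL document will fail all five tests with a nock "no match" error rather than a readable assertion on the result; matching on the parsed body, e.g. `.post('/graphql', (body) => typeof body.query === 'string' && body.query.includes('vulnerabilityAlerts'))`, keeps the tests tied to what matters. The shared `response` fixture only ever holds one node, so nothing pins which alert is returned when several `nodes` entries match the same package (the array shape suggests that can happen); a case with two nodes of different `state` would fix that contract. Note also that `mockGitHubClient` is used before its `const` declaration further down the file, which only works because the test bodies run after module evaluation.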
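Review bot: `trimSlashes` is exported and its contract just changed from stripping one slash per end to stripping any run of slashes, yet it carries no doc comment telling callers (the getAlert directory comparison, whose body lies outside this hunk) what it now guarantees. Add above the signature: `/** Removes every leading and trailing '/' from value; interior slashes, including doubled ones, are kept ('//a//b//' -> 'a//b'). */`. The same body appears in the compiled `dist/index.js` hunk, which should stay in sync with this source.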