diff --git a/syft/pkg/cataloger/internal/cpegenerate/candidate_by_package_type.go b/syft/pkg/cataloger/internal/cpegenerate/candidate_by_package_type.go
index e9e492fd7..90f46398e 100644
--- a/syft/pkg/cataloger/internal/cpegenerate/candidate_by_package_type.go
+++ b/syft/pkg/cataloger/internal/cpegenerate/candidate_by_package_type.go
@@ -630,14 +630,34 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup(
 candidateRemovals{ProductsToRemove: []string{"grpc"}},
 },
 // Rust packages
+ {
+ pkg.RustPkg,
+ candidateKey{PkgName: "hyper"},
+ // Avoid matching CVE-2024-23741
+ candidateRemovals{VendorsToRemove: []string{"vercel"}},
+ },
 {
 pkg.RustPkg,
 candidateKey{PkgName: "opentelemetry"},
+ // Avoid matching CVE-2023-45142
 candidateRemovals{ProductsToRemove: []string{"opentelemetry"}},
 },
+ {
+ pkg.RustPkg,
+ candidateKey{PkgName: "prometheus"},
+ // Avoid matching CVE-2019-3826
+ candidateRemovals{VendorsToRemove: []string{"prometheus"}},
+ },
+ {
+ pkg.RustPkg,
+ candidateKey{PkgName: "phf"},
+ // Avoid matching CVE-2000-1186
+ candidateRemovals{VendorsToRemove: []string{"phf"}},
+ },
 {
 pkg.RustPkg,
 candidateKey{PkgName: "redis"},
+ // Avoid matching CVE-2022-24735
 candidateRemovals{VendorsToRemove: []string{"redis"}},
 },
 // PHP packages
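Review bot: The five added `// Avoid matching CVE-…` comments name the CVE being suppressed but not the unrelated product it is filed against, so a later reader cannot tell from this table whether a removal is still justified. As far as the hunk shows, each entry is keyed only on `pkg.RustPkg` and the package name, so a wrong or stale removal would surface as a silent false negative in vulnerability matching, not as a visible error. I would extend each comment with the CPE vendor and product the CVE belongs to, for example on the hyper entry (going by the vendor being removed) `// Avoid matching CVE-2024-23741 (CPE vendor "vercel", a different "hyper" product than the Rust crate)`, and likewise for opentelemetry, prometheus, phf and redis. The `defaultCandidateRemovals` literal starts and ends outside this hunk.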