diff --git a/pyproject.toml b/pyproject.toml
index edbe05c66..f7d4d05dd 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -247,6 +247,7 @@ ignore = [
     "S105",  # possible hardcoded password
     "S110",  # try/except/pass detected
     "S113",  # probable use of requests call without timeout
+    "S301",  # 'pickle' unsafe when loading untrusted data
     "S324",  # probable use of insecure hash functions
     "S701",  # use autoescape=True for Jinja
     # flake8-simplify
diff --git a/sphinx/testing/util.py b/sphinx/testing/util.py
index 4722f9dc5..887f8dbfe 100644
--- a/sphinx/testing/util.py
+++ b/sphinx/testing/util.py
@@ -82,7 +82,7 @@ def assert_node(node: Node, cls: Any = None, xpath: str = "", **kwargs: Any) ->
 def etree_parse(path: str) -> Any:
     with warnings.catch_warnings(record=False):
         warnings.filterwarnings("ignore", category=DeprecationWarning)
-        return ElementTree.parse(path)
+        return ElementTree.parse(path)  # NoQA: S314  # using known data in tests
 
 
 class Struct:
diff --git a/tests/test_build_epub.py b/tests/test_build_epub.py
index 1827233a3..19c2742a1 100644
--- a/tests/test_build_epub.py
+++ b/tests/test_build_epub.py
@@ -36,7 +36,8 @@ class EPUBElementTree:
 
     @classmethod
     def fromstring(cls, string):
-        return cls(ElementTree.fromstring(string))
+        tree = ElementTree.fromstring(string)  # NoQA: S314  # using known data in tests
+        return cls(tree)
 
     def find(self, match):
         ret = self.tree.find(match, namespaces=self.namespaces)
diff --git a/tests/test_build_latex.py b/tests/test_build_latex.py
index 784ba7e4b..d1533ed5a 100644
--- a/tests/test_build_latex.py
+++ b/tests/test_build_latex.py
@@ -862,7 +862,7 @@ def test_latex_show_urls_is_inline(app, status, warning):
             '(http://sphinx\\sphinxhyphen{}doc.org/)}\n'
             '\\sphinxAtStartPar\nDescription' in result)
     assert ('\\sphinxlineitem{Footnote in term \\sphinxfootnotemark[7]}%\n'
-            '\\begin{footnotetext}[7]\\sphinxAtStartFootnote\n')
+            '\\begin{footnotetext}[7]\\sphinxAtStartFootnote\n' in result)
     assert ('\\sphinxlineitem{\\sphinxhref{http://sphinx-doc.org/}{URL in term} '
             '(http://sphinx\\sphinxhyphen{}doc.org/)}\n'
             '\\sphinxAtStartPar\nDescription' in result)
diff --git a/tests/test_domain_c.py b/tests/test_domain_c.py
index 9a78973c4..1f894c84a 100644
--- a/tests/test_domain_c.py
+++ b/tests/test_domain_c.py
@@ -630,7 +630,7 @@ def extract_role_links(app, filename):
     lis = [l for l in t.split('\n') if l.startswith("<li")]
     entries = []
     for l in lis:
-        li = ElementTree.fromstring(l)
+        li = ElementTree.fromstring(l)  # NoQA: S314  # using known data in tests
         aList = list(li.iter('a'))
         assert len(aList) == 1
         a = aList[0]
diff --git a/tests/test_ext_coverage.py b/tests/test_ext_coverage.py
index a7728a82d..55064e63a 100644
--- a/tests/test_ext_coverage.py
+++ b/tests/test_ext_coverage.py
@@ -18,7 +18,7 @@ def test_build(app, status, warning):
     assert ' * function\n' not in py_undoc  # these two are documented
     assert ' * Class\n' not in py_undoc     # in autodoc.txt
 
-    assert ' * mod -- No module named mod'  # in the "failed import" section
+    assert " * mod -- No module named 'mod'" in py_undoc  # in the "failed import" section
 
     assert "undocumented  py" not in status.getvalue()