diff --git a/plugins/woocommerce-blocks/src/Assets/Api.php b/plugins/woocommerce-blocks/src/Assets/Api.php
index 3e3772fc4f0..e5a76056965 100644
--- a/plugins/woocommerce-blocks/src/Assets/Api.php
+++ b/plugins/woocommerce-blocks/src/Assets/Api.php
@@ -95,6 +95,8 @@ class Api {
 );
 if ( file_exists( $asset_path ) ) {
+ // The following require is safe because we are checking if the file exists and it is not a user input.
+ // nosemgrep audit.php.lang.security.file.inclusion-arg.
 $asset = require $asset_path;
 $dependencies = isset( $asset['dependencies'] ) ? array_merge( $asset['dependencies'], $dependencies ) : $dependencies;
 $version = ! empty( $asset['version'] ) ? $asset['version'] : $this->get_file_version( $relative_src );
diff --git a/plugins/woocommerce-blocks/src/AssetsController.php b/plugins/woocommerce-blocks/src/AssetsController.php
index 94c8ddf61ac..6691c1ff586 100644
--- a/plugins/woocommerce-blocks/src/AssetsController.php
+++ b/plugins/woocommerce-blocks/src/AssetsController.php
@@ -182,7 +182,7 @@ final class AssetsController {
 $this->api->get_block_asset_build_path( $filename )
 );
 $resources = array_merge(
- [ add_query_arg( 'ver', $script_data['version'], $script_data['src'] ) ],
+ [ esc_url( add_query_arg( 'ver', $script_data['version'], $script_data['src'] ) ) ],
 $this->get_script_dependency_src_array( $script_data['dependencies'] )
 );
 return array_map(
@@ -208,7 +208,7 @@ final class AssetsController {
 $dependencies,
 function( $src, $handle ) use ( $wp_scripts ) {
 if ( isset( $wp_scripts->registered[ $handle ] ) ) {
- $src[] = add_query_arg( 'ver', $wp_scripts->registered[ $handle ]->ver, $this->get_absolute_url( $wp_scripts->registered[ $handle ]->src ) );
+ $src[] = esc_url( add_query_arg( 'ver', $wp_scripts->registered[ $handle ]->ver, $this->get_absolute_url( $wp_scripts->registered[ $handle ]->src ) ) );
 $src = array_merge( $src, $this->get_script_dependency_src_array( $wp_scripts->registered[ $handle ]->deps ) );
 }
 return $src;
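Review bot: The suppression in the second added comment, `// nosemgrep audit.php.lang.security.file.inclusion-arg.`, lacks the colon that scopes a `nosemgrep` marker to a rule id, so Semgrep will most likely read it as a blanket ignore of every rule on the `require` line, and the trailing period adds nothing; the scoped form is `// nosemgrep: audit.php.lang.security.file.inclusion-arg`. The first comment rests the justification on `file_exists()`, which only shows the file is present, not that `$asset_path` cannot be steered; what actually makes the include safe is how `$asset_path` is assembled earlier in this method, which lies outside the hunk. The comment should name that invariant (where `$asset_path` is built and why request data cannot reach it) instead of the existence check, so the next reader and the next audit can verify it rather than trust it. The enclosing method begins before the hunk.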
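Review bot: `esc_url()` is a display-context escaper, so wrapping the value while `$resources` is being assembled fixes the output context before the data reaches its sink: it rewrites `&` as `&#038;`, which is right inside an HTML attribute but wrong in an HTTP header, a JSON body or a JavaScript string, and the consumer is the `array_map` callback that continues past the end of the hunk, so I cannot tell which applies. WordPress convention is to keep such values raw (`esc_url_raw()` if sanitising at this point is wanted) and escape where they are printed; if the output path already escapes, the added call is merely redundant. The -208 hunk of this file and the `$template_part_edit_uri` hunk in MiniCart.php make the same choice and should be checked against their actual emit sites in the same way. The enclosing method begins before the hunk.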
diff --git a/plugins/woocommerce-blocks/src/BlockTypes/MiniCart.php b/plugins/woocommerce-blocks/src/BlockTypes/MiniCart.php
index 88e6c81ffab..ea674438ff5 100644
--- a/plugins/woocommerce-blocks/src/BlockTypes/MiniCart.php
+++ b/plugins/woocommerce-blocks/src/BlockTypes/MiniCart.php
@@ -181,12 +181,14 @@ class MiniCart extends AbstractBlock {
 );
 }
- $template_part_edit_uri = add_query_arg(
- array(
- 'postId' => sprintf( '%s//%s', $theme_slug, 'mini-cart' ),
- 'postType' => 'wp_template_part',
- ),
- $site_editor_uri
+ $template_part_edit_uri = esc_url(
+ add_query_arg(
+ array(
+ 'postId' => sprintf( '%s//%s', $theme_slug, 'mini-cart' ),
+ 'postType' => 'wp_template_part',
+ ),
+ $site_editor_uri
+ )
 );
 }
diff --git a/plugins/woocommerce-blocks/src/StoreApi/Utilities/Pagination.php b/plugins/woocommerce-blocks/src/StoreApi/Utilities/Pagination.php
index 42678de66f7..efb515f642a 100644
--- a/plugins/woocommerce-blocks/src/StoreApi/Utilities/Pagination.php
+++ b/plugins/woocommerce-blocks/src/StoreApi/Utilities/Pagination.php
@@ -54,7 +54,7 @@ class Pagination {
 * @return string
 */
 protected function get_link_base( $request ) {
- return add_query_arg( $request->get_query_params(), rest_url( $request->get_route() ) );
+ return esc_url( add_query_arg( $request->get_query_params(), rest_url( $request->get_route() ) ) );
 }
 /**
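Review bot: `get_link_base()` builds a REST URL from `rest_url()` and the request's query parameters, which points to an HTTP `Link` header or a JSON body rather than HTML, and `esc_url()` rewrites `&` as `&#038;`, so a base carrying more than one query parameter would be corrupted wherever it is emitted outside an HTML attribute. `esc_url_raw()` performs the same scheme and character sanitisation without the entity encoding, i.e. `return esc_url_raw( add_query_arg( $request->get_query_params(), rest_url( $request->get_route() ) ) );`. The callers of `get_link_base()` are outside the hunk, so the sink should be confirmed before changing it.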