diff --git a/pyproject.toml b/pyproject.toml
index 534682d..8e2ca1d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,6 +7,9 @@ requires-python = ">=3.11"
 dependencies = [
     "flask>=3.0",
     "cryptography>=42.0",
+    # Security fixes (transitive dependency pins)
+    "urllib3>=2.6.3",
+    "jaraco.context>=6.1.0",
 ]
 
 [project.optional-dependencies]
diff --git a/requirements.txt b/requirements.txt
index 0be6149..02306a6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,3 +9,8 @@ prometheus-flask-exporter>=0.23
 
 # PKI support (optional)
 cryptography>=42.0
+
+# Security fixes (transitive dependency pins)
+urllib3>=2.6.3
+jaraco.context>=6.1.0
+setuptools>=80.0