diff --git a/requirements.txt b/requirements.txt
index bd2f8a4..a6913d8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,8 @@
 PySide6>=6.11.1
 pypdf>=6.13.0
-cryptography>=48.0.0
+# GHSA-537c-gmf6-5ccf: signature verification bypass in legacy OpenSSL
+# providers fixed in 48.0.1.
+cryptography>=48.0.1
 qtawesome>=1.4.1
 pillow>=12.1.1
 pymupdf>=1.27.2.3
@@ -15,4 +17,9 @@ ebooklib>=0.20
 # external entities by default, allowing crafted DOCX/PPTX/EPUB/PDF-XMP
 # files to read arbitrary local files).
 lxml>=6.1.0
+# Transitive of cryptography/requests; pinned to address advisories
+# PYSEC-2026-141 / 142 / GHSA series for urllib3 < 2.7.0.
+urllib3>=2.7.0
+# Transitive of urllib3/requests; PYSEC-2026-215 for idna < 3.15.
+idna>=3.15
 pyinstaller>=6.20.0