diff --git a/pyproject.toml b/pyproject.toml
index b1e74e39..398724af 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -24,6 +24,9 @@ dependencies = [
     "jinja2>=3.1",
     "fastapi>=0.110.0",
     "uvicorn>=0.29.0",
+    # Direct floor on starlette (transitive via fastapi) to require the fixes
+    # for CVE-2026-48817/48818/54282/54283.
+    "starlette>=1.3.1",
     "aiosqlite>=0.20.0",
     "asyncmy>=0.2.11",
     "PyJWT>=2.8.0",
@@ -33,8 +36,8 @@ dependencies = [
     "sqlmodel>=0.0.16",
     "scapy>=2.6.1",
     "orjson>=3.10",
-    "cryptography>=46.0.7",
-    "python-multipart>=0.0.20",
+    "cryptography>=48.0.1",
+    "python-multipart>=0.0.31",
     "httpx>=0.28.1",
     "requests>=2.33.1",
     "urllib3>=2.7.0",