diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 8fb2a44b..f3fd3bf6 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -48,7 +48,7 @@ jobs:
         run: just security
 
       - name: 🌐 Run osv-scanner (multi-ecosystem vulnerability scan)
-        uses: google/osv-scanner-action/osv-scanner-action@v2.3.5
+        uses: google/osv-scanner-action/osv-scanner-action@v2.3.8
 
   semgrep:
     name: Semgrep CE Scan
@@ -147,7 +147,7 @@ jobs:
           fetch-depth: 0 # Full history required for comprehensive secret scanning
 
       - name: 🔑 Run TruffleHog (secret detection)
-        uses: trufflesecurity/trufflehog@v3.95.2
+        uses: trufflesecurity/trufflehog@v3.95.3
         with:
           path: ./
           extra_args: --only-verified