diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cbeab86467..d0460f4ea2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -38,6 +38,8 @@ Changed Contributed by @nmaludy, @winem, and @blag +* Updated cryptography dependency to version 3.3.2 to avoid CVE-2020-36242 (security) #5151 + Fixed ~~~~~ diff --git a/fixed-requirements.txt b/fixed-requirements.txt index 39f8c9f709..a98a90dc34 100644 --- a/fixed-requirements.txt +++ b/fixed-requirements.txt @@ -6,7 +6,7 @@ apscheduler==3.6.3 chardet<3.1.0 # NOTE: 2.0 version breaks pymongo work with hosts dnspython>=1.16.0,<2.0.0 -cryptography==3.2 +cryptography==3.3.2 # Note: 0.20.0 removed select.poll() on which some of our code and libraries we # depend on rely eventlet==0.25.1 diff --git a/requirements.txt b/requirements.txt index 1039d0bcd1..2b5aa2436c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ apscheduler==3.6.3 argcomplete bcrypt==3.1.7 chardet<3.1.0 -cryptography==3.2 +cryptography==3.3.2 dnspython<2.0.0,>=1.16.0 eventlet==0.25.1 flex==6.14.0 diff --git a/st2client/requirements.txt b/st2client/requirements.txt index 3bbc655d71..6390dcabb1 100644 --- a/st2client/requirements.txt +++ b/st2client/requirements.txt @@ -7,7 +7,7 @@ # update the component requirements.txt argcomplete chardet<3.1.0 -cryptography==3.2 +cryptography==3.3.2 jsonpath-rw==1.4.0 jsonschema==2.6.0 more-itertools==5.0.0 diff --git a/st2common/requirements.txt b/st2common/requirements.txt index f11a8dc5ae..c3ee24e5f3 100644 --- a/st2common/requirements.txt +++ b/st2common/requirements.txt @@ -8,7 +8,7 @@ amqp==2.5.2 apscheduler==3.6.3 chardet<3.1.0 -cryptography==3.2 +cryptography==3.3.2 dnspython<2.0.0,>=1.16.0 eventlet==0.25.1 flex==6.14.0 diff --git a/st2tests/st2tests/fixtures/packs/test_content_version b/st2tests/st2tests/fixtures/packs/test_content_version index 0c7333aec3..4651230820 160000 --- a/st2tests/st2tests/fixtures/packs/test_content_version +++ b/st2tests/st2tests/fixtures/packs/test_content_version 
@@ -1 +1 @@
-Subproject commit 0c7333aec3854bd5aba8e8fc86cb942c0e3b32a9
+Subproject commit 4651230820be5ef9eb7b204da8c6fc92721d7c21
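Review bot: The submodule pointer for `st2tests/st2tests/fixtures/packs/test_content_version` moves from `0c7333aec3` to `4651230820`, and nothing else in this commit explains it; the changelog entry and the four requirements files only cover the cryptography pin for CVE-2020-36242. A gitlink change pulls in whatever the new commit contains without any of it showing up in this diff, so it cannot be reviewed from here. Please confirm the bump is intentional and say so in the commit message, or drop it from this change if it came from a stale local checkout. If it is intentional, putting it in its own commit would keep the security fix self-contained and easier to backport.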