diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8ec7a0bff..1d31819b0 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -158,11 +158,11 @@ importers:
         specifier: 0.0.12
         version: 0.0.12
       express:
-        specifier: 4.19.1
-        version: 4.19.1
+        specifier: 4.19.2
+        version: 4.19.2
       express-rate-limit:
         specifier: ^7.2.0
-        version: 7.2.0(express@4.19.1)
+        version: 7.2.0(express@4.19.2)
       express-session:
         specifier: npm:@etherpad/express-session@^1.18.2
         version: /@etherpad/express-session@1.18.2
@@ -4001,17 +4001,17 @@ packages:
       mime: 1.6.0
     dev: false
 
-  /express-rate-limit@7.2.0(express@4.19.1):
+  /express-rate-limit@7.2.0(express@4.19.2):
     resolution: {integrity: sha512-T7nul1t4TNyfZMJ7pKRKkdeVJWa2CqB8NA1P8BwYaoDI5QSBZARv5oMS43J7b7I5P+4asjVXjb7ONuwDKucahg==}
     engines: {node: '>= 16'}
     peerDependencies:
       express: 4 || 5 || ^5.0.0-beta.1
     dependencies:
-      express: 4.19.1
+      express: 4.19.2
     dev: false
 
-  /express@4.19.1:
-    resolution: {integrity: sha512-K4w1/Bp7y8iSiVObmCrtq8Cs79XjJc/RU2YYkZQ7wpUu5ZyZ7MtPHkqoMz4pf+mgXfNvo2qft8D9OnrH2ABk9w==}
+  /express@4.19.2:
+    resolution: {integrity: sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==}
     engines: {node: '>= 0.10.0'}
     dependencies:
       accepts: 1.3.8
diff --git a/src/package.json b/src/package.json
index 9e749c119..9652b1ff9 100644
--- a/src/package.json
+++ b/src/package.json
@@ -38,7 +38,7 @@
     "ejs": "^3.1.9",
     "etherpad-require-kernel": "^1.0.16",
     "etherpad-yajsml": "0.0.12",
-    "express": "4.19.1",
+    "express": "4.19.2",
     "express-rate-limit": "^7.2.0",
     "express-session": "npm:@etherpad/express-session@^1.18.2",
     "fast-deep-equal": "^3.1.3",