diff --git a/Cargo.lock b/Cargo.lock
index df6a1ba2..fe04e43a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4181,9 +4181,9 @@ dependencies = [
 
 [[package]]
 name = "jsonwebtoken"
-version = "10.3.0"
+version = "10.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0529410abe238729a60b108898784df8984c87f6054c9c4fcacc47e4803c1ce1"
+checksum = "eba32bfb4ffdeaca3e34431072faf01745c9b26d25504aa7a6cf5684334fc4fc"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -4200,6 +4200,7 @@ dependencies = [
  "sha2 0.10.9",
  "signature",
  "simple_asn1",
+ "zeroize",
 ]
 
 [[package]]
diff --git a/crates/vectorizer-server/Cargo.toml b/crates/vectorizer-server/Cargo.toml
index e71b41e7..7cb399d6 100644
--- a/crates/vectorizer-server/Cargo.toml
+++ b/crates/vectorizer-server/Cargo.toml
@@ -47,7 +47,7 @@ async-graphql = { version = "7.0", features = ["chrono", "uuid"] }
 async-graphql-axum = "7.0"
 
 # Auth + security primitives
-jsonwebtoken = { version = "10.1", features = ["rust_crypto"] }
+jsonwebtoken = { version = "10.4", features = ["rust_crypto"] }
 hmac = "0.13"
 base64 = "0.22"
 bcrypt = "0.19"
diff --git a/crates/vectorizer/Cargo.toml b/crates/vectorizer/Cargo.toml
index 3f0bd393..b7a9ab08 100644
--- a/crates/vectorizer/Cargo.toml
+++ b/crates/vectorizer/Cargo.toml
@@ -114,7 +114,7 @@ regex = { version = "1.10", default-features = false, features = ["std", "unicod
 openssl = { version = "0.10", features = ["vendored"], optional = true }
 
 # Authentication and security
-jsonwebtoken = { version = "10.1", features = ["rust_crypto"] }
+jsonwebtoken = { version = "10.4", features = ["rust_crypto"] }
 uuid = { version = "1.22", features = ["v4", "v5", "serde"] }
 rand = "0.9"
 hmac = "0.13"           # HMAC for request signing