diff --git a/ChangeLog.md b/ChangeLog.md
index 63a3e5e..856d055 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -5,6 +5,10 @@
 # SW360 Base Library for Python
+## NEXT
+
+* update requests 2.31.0 => 2.32.2 to fix CVE-2024-35195.
+
 ## V1.5.0
 * when using CaPyCLI in a CI pipeline, connection problems to the SW360 server (5xx) cause
diff --git a/poetry.lock b/poetry.lock
index 337aae4..5c02713 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -729,14 +729,14 @@ files = [
 [[package]]
 name = "requests"
-version = "2.31.0"
+version = "2.32.2"
 description = "Python HTTP for Humans."
 category = "main"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 files = [
- {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"},
- {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"},
+ {file = "requests-2.32.2-py3-none-any.whl", hash = "sha256:fc06670dd0ed212426dfeb94fc1b983d917c4f9847c863f313c9dfaaffb7c23c"},
+ {file = "requests-2.32.2.tar.gz", hash = "sha256:dd951ff5ecf3e3b3aa26b40703ba77495dab41da839ae72ef3c8e5d8e2433289"},
 ]
 [package.dependencies]
diff --git a/pyproject.toml b/pyproject.toml
index 43c9b56..57955eb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -24,7 +24,7 @@ classifiers = [
 [tool.poetry.dependencies]
 python = "^3.8" # because 3.8 is the minimum requirement for isort, mypy
-requests = "^2.31.0" # fix CVE-2023-32681
+requests = "^2.32.2" # fix CVE-2024-35195
 [tool.poetry.group.dev.dependencies]
 colorama = "^0.4.6"
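Review bot: The new `requests` line in pyproject.toml replaces the previous `# fix CVE-2023-32681` rationale with the new CVE, so the constraint no longer records that anything below 2.31.0 would also reopen the earlier issue; a maintainer relaxing the floor later has only the latest advisory to go on. Keep both references on the line, e.g. `requests = "^2.32.2" # fix CVE-2024-35195; floor also covers CVE-2023-32681`. The lockfile's `python-versions = ">=3.8"` for requests 2.32.2 is consistent with the `python = "^3.8"` constraint visible above it, so no interpreter-floor change is needed. Note the new requests line has a different leading indent than the `python` line in the same hunk, so confirm the file is otherwise formatted uniformly, since the other hunks are trivial (changelog entry and lockfile regeneration) and get no separate note.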