diff --git a/poetry.lock b/poetry.lock
index 6ab56cd5c..efd3846b2 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1057,13 +1057,13 @@ files = [
 
 [[package]]
 name = "h2"
-version = "4.2.0"
+version = "4.3.0"
 description = "Pure-Python HTTP/2 protocol implementation"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "h2-4.2.0-py3-none-any.whl", hash = "sha256:479a53ad425bb29af087f3458a61d30780bc818e4ebcf01f0b536ba916462ed0"},
-    {file = "h2-4.2.0.tar.gz", hash = "sha256:c8a52129695e88b1a0578d8d2cc6842bbd79128ac685463b887ee278126ad01f"},
+    {file = "h2-4.3.0-py3-none-any.whl", hash = "sha256:c438f029a25f7945c69e0ccf0fb951dc3f73a5f6412981daee861431b70e2bdd"},
+    {file = "h2-4.3.0.tar.gz", hash = "sha256:6c59efe4323fa18b47a632221a1888bd7fde6249819beda254aeca909f221bf1"},
 ]
 
 [package.dependencies]
@@ -3858,4 +3858,4 @@ all = ["CairoSVG", "Flask", "better-exceptions", "datadog-api-client", "grafana-
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9, <3.12"
-content-hash = "c752cf90fa10d45a93df8633a3dc69d56033b6fac3d9830358dbe3801337cbee"
+content-hash = "9f07819ac0406ea11c7d59e0efb644712635e56847b8c81ff16605ffb40866cf"
diff --git a/pyproject.toml b/pyproject.toml
index cbab824e4..3c88f5971 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -75,6 +75,8 @@ pyjwt = "^2.4.0"
 urllib3 = "^1.26.20"
 httpx = "0.27.2"
 postgrest = "0.16.8"
+# Pin to fix cve https://github.com/robusta-dev/robusta/security/dependabot/85
+h2 = "^4.3.0" 
 
 [tool.poetry.dev-dependencies]
 pre-commit = "^2.13.0"