diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 588be5b..9389346 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -57,3 +57,20 @@ jobs:
 uses: codecov/codecov-action@v5.5.2
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
+
+ audit:
+ name: Dependency vulnerability scan
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Set up pixi
+ uses: prefix-dev/setup-pixi@v0.9.4
+ with:
+ pixi-version: v0.63.2
+
+ - name: Run pip-audit
+ run: pixi run pip-audit
diff --git a/pixi.toml b/pixi.toml
index 528c6dd..8435fd8 100644
--- a/pixi.toml
+++ b/pixi.toml
@@ -30,7 +30,8 @@ python = "~=3.12"
 pre-commit = ">=4.2.0,<5"
 pytest = ">=8.4.2,<9"
 pytest-cov = ">=7.0.0,<8"
-pip = ">=25.2,<26"
+pip-audit = ">=2.7.3,<3"
+pip = ">=26.0,<27"
 docker-compose = ">=2.39.2,<3"
 docker-cli = ">=28.3.1,<29"
 testcontainers = ">=4.13.2,<5"
@@ -45,10 +46,14 @@ pandas = ">=2.2,<3"
 packaging = "<25.1"
 importlib-metadata = "<8.8"
 pytz = "<2026"
+requests = ">=2.33.0"
+aiohttp = ">=3.13.4"
+pygments = ">=2.20.0"
 
 [tasks]
 pre-commit-all = "pre-commit run --all-files"
 pre-commit-install = "pre-commit install"
+pip-audit = { cmd = "pip-audit", description = "Scan installed Python packages for known vulnerabilities." }
 initial-migration = { cmd = [
 "docker-compose",
 "-f",
@@ -295,7 +300,7 @@ depends-on = [{ task = "start-services" }]
 # Webservice Dependencies
 [feature.webservice.pypi-dependencies]
 ca-biositing-webservice = { path = "./src/ca_biositing/webservice", editable = true }
-fastapi = ">=0.111.0,<0.115.0"
+fastapi = ">=0.115.0"
 pydantic = ">=2.5,<3.0"
 pyjwt = ">=2.0,<3"
 pwdlib = { version = ">=0.2.0", extras = ["argon2"] }
@@ -435,3 +440,5 @@ matplotlib = "*"
 
 [pypi-dependencies]
 sqlalchemy = ">=2.0.44, <3"
+# Minimum versions to address known CVEs in transitive dependencies
+starlette = ">=0.47.2"
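Review bot: `continue-on-error: true` on the new `audit` job means a pip-audit finding never turns the check red, so the scan is advisory only and a vulnerable dependency can merge without anyone noticing; if the job is meant to gate merges, drop that line, and if it is deliberately advisory for now, say so next to it with a comment such as `# advisory until existing findings are triaged`. `fetch-depth: 0` pulls the full git history, which pip-audit does not need, so the default shallow checkout would do. Both new actions are pinned to tags (`actions/checkout@v6`, `prefix-dev/setup-pixi@v0.9.4`) rather than commit SHAs, which matches the existing codecov step but leaves the job trusting that the tags stay immutable. It is also not visible from this hunk which pixi environment `pixi run pip-audit` audits; if the webservice packages are only installed in a feature environment, the default environment scan may not cover them, which is worth confirming.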
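Review bot: The three new floors `requests = ">=2.33.0"`, `aiohttp = ">=3.13.4"` and `pygments = ">=2.20.0"` carry no upper bound and no comment, unlike the neighbouring `>=x,<y` entries and the starlette floor added further down, which does explain itself; add a comment above them such as `# Minimum versions to address known CVEs in transitive dependencies` (or upper bounds in the file's usual form) so the next maintainer knows these are security floors rather than feature requirements. The `pip-audit` task runs with no arguments, so it audits whatever environment the task executes in; if packages such as fastapi live only in the webservice feature environment, a default-environment run will not see them, so the intended target environment is worth confirming and, if needed, documenting in the task's `description`.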
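Review bot: `fastapi = ">=0.115.0"` drops the upper bound the previous `">=0.111.0,<0.115.0"` carried, while `pydantic` and `pyjwt` in the same block keep theirs; fastapi is still pre-1.0, where minor releases can change behaviour, so a ceiling such as `fastapi = ">=0.115.0,<1"` keeps the security floor without opening the range entirely. The same constraint change appears in the webservice `pyproject.toml` hunk, and the two should stay in step whichever form is chosen.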
diff --git a/src/ca_biositing/webservice/pyproject.toml b/src/ca_biositing/webservice/pyproject.toml
index 4f62e6a..3a422c6 100644
--- a/src/ca_biositing/webservice/pyproject.toml
+++ b/src/ca_biositing/webservice/pyproject.toml
@@ -23,7 +23,7 @@ classifiers = [
 dynamic = ["version"]
 dependencies = [
 "ca-biositing-datamodels",
-"fastapi>=0.111.0,<0.115.0",
+"fastapi>=0.115.0",
 "uvicorn>=0.30.0,<1",
 "httpx>=0.27.0",
 "pyjwt>=2.0,<3",