diff --git a/Gemfile b/Gemfile
index fdba2deba..443280985 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,3 +12,8 @@ gem 'fastlane-plugin-wpmreleasetoolkit', '~> 13.8'
 # Security: https://github.com/lostisland/faraday/pull/1665
 # Faraday 2.0 is not compatible with Fastlane
 gem 'faraday', '~> 1.10', '>= 1.10.5'
+
+# Pinned to pull in the fix for GHSA-c4rq-3m3g-8wgx (CSS selector ReDoS).
+# Drop once `fastlane-plugin-wpmreleasetoolkit` moves to >= 14.4.1, whose
+# gemspec carries this floor transitively.
+gem 'nokogiri', '~> 1.19', '>= 1.19.3'
diff --git a/Gemfile.lock b/Gemfile.lock
index c3920b3ae..b9837d102 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -259,7 +259,7 @@ GEM
     nanaimo (0.4.0)
     nap (1.1.0)
     naturally (2.3.0)
-    nokogiri (1.19.1)
+    nokogiri (1.19.3)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     octokit (6.1.1)
@@ -359,6 +359,7 @@ DEPENDENCIES
   faraday (~> 1.10, >= 1.10.5)
   fastlane (~> 2.228)
   fastlane-plugin-wpmreleasetoolkit (~> 13.8)
+  nokogiri (>= 1.19.3)
 
 BUNDLED WITH
    2.6.8
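Review bot: The new Gemfile line declares `gem 'nokogiri', '~> 1.19', '>= 1.19.3'`, but the DEPENDENCIES entry added to Gemfile.lock reads `nokogiri (>= 1.19.3)` without the `~> 1.19` half, whereas Bundler records the requirement exactly as written (compare the neighbouring `faraday (~> 1.10, >= 1.10.5)`). That suggests the lockfile was generated from an earlier form of the constraint and is out of sync with the Gemfile; a frozen or deployment-mode `bundle install` in CI will presumably refuse to proceed or silently re-resolve, which defeats the point of pinning the ReDoS fix. Re-run `bundle lock` (or `bundle install`) against this Gemfile and commit the regenerated lock so the DEPENDENCIES line becomes `nokogiri (~> 1.19, >= 1.19.3)`. It would also help to note in the Gemfile comment that the pin is only a floor — the advisory is fixed in the resolved version, so `bundle update nokogiri` remains safe within the `~> 1.19` range.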