diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7f4843b8223..ff163ea23511 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,7 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Kibana wrong working time calculation with new annotation UI use (<https://github.com/opencv/cvat/pull/1654>)
 
 ### Security
--
+- SQL injection in Django `CVE-2020-9402` (https://github.com/opencv/cvat/pull/1657)
 
 ## [1.0.0] - 2020-05-29
 ### Added
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 75b7ae8eabba..8148a17c637b 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -1,5 +1,5 @@
 click==6.7
-Django==2.2.10
+Django==2.2.13
 django-appconf==1.0.2
 django-auth-ldap==1.4.0
 django-cacheops==4.0.6