diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 71ecbe5..8cdaf89 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -144,7 +144,7 @@ jobs:
         # Complements npm audit by hitting OSV's broader vulnerability index
         # (covers ecosystems npm audit doesn't and reflects newly-published
         # advisories faster than the npm registry's mirror).
-        uses: google/osv-scanner-action/osv-scanner-action@v1.9.0
+        uses: google/osv-scanner-action/osv-scanner-action@v2.3.5
         with:
           scan-args: |-
             --recursive
diff --git a/.github/workflows/security-nightly.yml b/.github/workflows/security-nightly.yml
index 3912560..e4484f2 100644
--- a/.github/workflows/security-nightly.yml
+++ b/.github/workflows/security-nightly.yml
@@ -63,7 +63,7 @@ jobs:
           category: trivy-nightly
 
       - name: OSV scan
-        uses: google/osv-scanner-action/osv-scanner-action@v1.9.0
+        uses: google/osv-scanner-action/osv-scanner-action@v2.3.5
         with:
           scan-args: |-
             --recursive