diff --git a/CHANGES.rst b/CHANGES.rst
index 1d412f33..b8f472b3 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,7 +14,9 @@ Unreleased Changes
 * Many dependency updates:
 
   * Upgrade SQLAlchemy from 1.2.0 to 1.2.11 for `python 3 bug fix (4291) <https://docs.sqlalchemy.org/en/latest/changelog/changelog_12.html#change-2cca6c216347ab83d04c766452b48c1a>`_.
-  * upgrade Flask from 0.12.2 to 1.0.2 for `CVE-2018-1000656 <https://nvd.nist.gov/vuln/detail/CVE-2018-1000656>`_
+  * Upgrade Flask from 0.12.2 to 1.0.2 for `CVE-2018-1000656 <https://nvd.nist.gov/vuln/detail/CVE-2018-1000656>`_.
+  * Upgrade cryptography from 2.1.4 to 2.3.1 for `CVE-2018-10903 <https://nvd.nist.gov/vuln/detail/CVE-2018-10903>`_.
+  * Upgrade to latest versions for: alembic, Babel, beautifulsoup4, cffi, httplib2, hvac, idna, keyring, lxml, requests.
 
 1.0.0 (2018-07-07)
 ------------------
diff --git a/requirements.txt b/requirements.txt
index 5e8c022f..039aa594 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,22 +6,22 @@ PyMySQL==0.8.0
 SQLAlchemy-Utc==0.9.0
 SQLAlchemy==1.2.11
 SecretStorage==2.3.1
-alembic==0.9.6
+alembic==1.0.0
 appdirs==1.4.3
 asn1crypto==0.24.0
-babel==2.5.1
-beautifulsoup4==4.6.0
-cffi==1.11.2
+babel==2.6.0
+beautifulsoup4==4.6.3
+cffi==1.11.5
 click==6.7
-cryptography==2.1.4
+cryptography==2.3.1
 datatables==0.4.9
-httplib2==0.10.3
+httplib2==0.11.3
 humanize==0.5.1
-hvac==0.3.0
-idna==2.6
+hvac==0.6.4
+idna==2.7
 itsdangerous==0.24
-keyring==10.6.0
-lxml==4.1.1
+keyring==15.1.0
+lxml==4.2.5
 ofxhome==0.3.3
 ofxparse==0.17
 packaging==16.8
@@ -30,7 +30,7 @@ pyparsing==2.2.0
 python-dateutil==2.6.1
 python-editor==1.0.3
 pytz
-requests==2.18.4
+requests==2.19.1
 selenium==3.8.1
 six==1.11.0
 versionfinder>=0.1.3