diff --git a/Gemfile b/Gemfile
index 0ab308161f1..8e9e0cd220f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,9 +22,9 @@ gem "kaminari"
 gem "loofah", ">= 2.2.3"
 gem "moment_timezone-rails"
 gem "newrelic_rpm"
-# nokogiri versions before 1.10.3 are affected by CVE-2019-11068. Explicitly define nokogiri version here to avoid that.
-# https://github.com/sparklemotion/nokogiri/issues/1892
-gem "nokogiri", "1.10.3"
+# nokogiri versions before 1.10.4 are vulnerable to CVE-2019-5477.
+# https://github.com/sparklemotion/nokogiri/issues/1915
+gem "nokogiri", "~> 1.10.4"
 gem "paper_trail", "8.1.2"
 # Used to speed up reporting
 gem "parallel"
diff --git a/Gemfile.lock b/Gemfile.lock
index 7e66289c162..972b4441eb6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -315,7 +315,7 @@ GEM
     newrelic_rpm (6.3.0.355)
     nio4r (2.3.1)
     no_proxy_fix (0.1.2)
-    nokogiri (1.10.3)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
     nori (2.6.0)
     notiffany (0.1.1)
@@ -580,7 +580,7 @@ DEPENDENCIES
   meta_request
   moment_timezone-rails
   newrelic_rpm
-  nokogiri (= 1.10.3)
+  nokogiri (~> 1.10.4)
   paper_trail (= 8.1.2)
   parallel
   paranoia (~> 2.2)