diff --git a/data-model/build.gradle.kts b/data-model/build.gradle.kts
index 17f6aee..0fff429 100644
--- a/data-model/build.gradle.kts
+++ b/data-model/build.gradle.kts
@@ -4,6 +4,7 @@ plugins {
 id("org.hypertrace.avro-plugin") version "0.3.1"
 id("org.hypertrace.publish-plugin")
 id("org.hypertrace.jacoco-report-plugin")
+ id("org.owasp.dependencycheck") version "8.2.1"
 }
 
 tasks.test {
@@ -13,8 +14,9 @@ tasks.test {
 dependencies {
 api("org.apache.avro:avro:1.11.3")
 constraints {
- api("org.apache.commons:commons-compress:1.21") {
+ api("org.apache.commons:commons-compress:1.24.0") {
 because("Multiple vulnerabilities in avro-declared version")
+ because("https://nvd.nist.gov/vuln/detail/CVE-2023-42503")
 }
 api("com.fasterxml.jackson.core:jackson-databind:2.14.2") {
 because("version 2.12.7.1 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424")
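Review bot: In the first hunk (`plugins { … }`), `org.owasp.dependencycheck` is applied but no `dependencyCheck { … }` configuration is visible, so the scan is advisory only. With the plugin's defaults the analyze task writes a report but never fails the build, and it only runs where something invokes it. If the intent is to gate on known-vulnerable dependencies, add a threshold such as `dependencyCheck { failBuildOnCVSS = 7.0f }` and make sure the CI job calls `dependencyCheckAnalyze`. The rest of the build script is outside the hunk, so this may already be configured elsewhere.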
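Review bot: In the second hunk, the commons-compress constraint now calls `because(...)` twice. A Gradle constraint holds a single reason, so the second call most likely replaces the first. The "Multiple vulnerabilities in avro-declared version" text would then no longer appear in `dependencyInsight` output. Fold both into one call, e.g. `because("Multiple vulnerabilities in avro-declared version, incl. https://nvd.nist.gov/vuln/detail/CVE-2023-42503")`, which matches the single-string style of the jackson-databind constraint below it.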