diff --git a/backend/Dockerfile b/backend/Dockerfile
index f7d2e0157..93021b0da 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -8,6 +8,10 @@ RUN apt-get update \
 
 COPY ./requirements/default.txt /tmp/requirements.txt
 RUN pip install --no-cache-dir --upgrade -r /tmp/requirements.txt
+
+# Remove py which is pulled in by retry, py is not needed and is a CVE
+RUN pip uninstall py
+
 RUN playwright install chromium
 RUN playwright install-deps chromium
 
diff --git a/backend/requirements/default.txt b/backend/requirements/default.txt
index 4a4b36521..0a7209a9e 100644
--- a/backend/requirements/default.txt
+++ b/backend/requirements/default.txt
@@ -37,9 +37,9 @@ python-multipart==0.0.6
 qdrant-client==1.2.0
 requests==2.31.0
 requests-oauthlib==1.3.1
-retry==0.9.2
+retry==0.9.2  # This pulls in py which is in CVE-2022-42969, must remove py from image
 rfc3986==1.5.0
-# need to pin `safetensors` version, since the latest versions require 
+# need to pin `safetensors` version, since the latest versions requires
 # building from source using Rust
 safetensors==0.3.1
 sentence-transformers==2.2.2