diff --git a/pkgs/applications/networking/pjsip/default.nix b/pkgs/applications/networking/pjsip/default.nix
index 96d0c60df14..eae9a8a3d87 100644
--- a/pkgs/applications/networking/pjsip/default.nix
+++ b/pkgs/applications/networking/pjsip/default.nix
@@ -1,4 +1,12 @@
-{ lib, stdenv, fetchFromGitHub, openssl, libsamplerate, alsa-lib, AppKit }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, openssl
+, libsamplerate
+, alsa-lib
+, AppKit
+}:
 
 stdenv.mkDerivation rec {
   pname = "pjsip";
@@ -13,6 +21,16 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./fix-aarch64.patch
+    (fetchpatch {
+      name = "CVE-2022-23537.patch";
+      url = "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1.patch";
+      sha256 = "sha256-7ueQCHIiJ7MLaWtR4+GmBc/oKaP+jmEajVnEYqiwLRA=";
+    })
+    (fetchpatch {
+      name = "CVE-2022-23547.patch";
+      url = "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36.patch";
+      sha256 = "sha256-bpc8e8VAQpfyl5PX96G++6fzkFpw3Or1PJKNPKl7N5k=";
+    })
   ];
 
   buildInputs = [ openssl libsamplerate ]