diff --git a/pkgs/development/libraries/hnswlib/default.nix b/pkgs/development/libraries/hnswlib/default.nix
index c3a543972e0..9033d9f5ff4 100644
--- a/pkgs/development/libraries/hnswlib/default.nix
+++ b/pkgs/development/libraries/hnswlib/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , cmake
 , python3
 }:
@@ -21,6 +22,14 @@ stdenv.mkDerivation (finalAttrs: {
     hash = "sha256-XXz0NIQ5dCGwcX2HtbK5NFTalP0TjLO6ll6TmH3oflI=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-37365.patch";
+      url = "https://github.com/nmslib/hnswlib/commit/f6d170ce0b41f9e75ace473b09df6e7872590757.patch";
+      hash = "sha256-28nakC0rh6kx6yYjv7m6r9/yJ+lWQuooRFyYYQN2rX8=";
+    })
+  ];
+
   # this is a header-only library, so we don't need to build it
   # we need `cmake` only to run tests
   nativeBuildInputs = lib.optionals finalAttrs.doCheck [