diff --git a/apps/oauth2/package-lock.json b/apps/oauth2/package-lock.json
index 37d4afc1f8..3467a8890a 100644
--- a/apps/oauth2/package-lock.json
+++ b/apps/oauth2/package-lock.json
@@ -4253,9 +4253,9 @@
       }
     },
     "vue": {
-      "version": "2.5.17",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-2.5.17.tgz",
-      "integrity": "sha512-mFbcWoDIJi0w0Za4emyLiW72Jae0yjANHbCVquMKijcavBGypqlF7zHRgMa5k4sesdv7hv2rB4JPdZfR+TPfhQ=="
+      "version": "2.5.18",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-2.5.18.tgz",
+      "integrity": "sha512-j4oT4jQdhBf3dUxzu1ogjkhzMU44AtwqtLz7oq/u7340/lmUUogTG6/D6P4/J2cCosoM21MqMIUsQchPKS4elg=="
     },
     "vue-hot-reload-api": {
       "version": "2.3.1",
diff --git a/apps/oauth2/package.json b/apps/oauth2/package.json
index fe8da421d6..0aaa5c0fdf 100644
--- a/apps/oauth2/package.json
+++ b/apps/oauth2/package.json
@@ -17,7 +17,7 @@
   },
   "dependencies": {
     "nextcloud-axios": "^0.1.3",
-    "vue": "^2.5.17"
+    "vue": "^2.5.18"
   },
   "devDependencies": {
     "css-loader": "^1.0.1",