diff --git a/go.mod b/go.mod
index 96ce0408..1e571d95 100644
--- a/go.mod
+++ b/go.mod
@@ -98,3 +98,6 @@ require (
 replace github.com/urfave/cli/v2 => github.com/ipostelnik/cli/v2 v2.3.1-0.20210324024421-b6ea8234fe3d
 
 replace github.com/lucas-clemente/quic-go => github.com/chungthuang/quic-go v0.24.1-0.20220110095058-981dc498cb62
+
+// Avoid 'CVE-2022-21698'
+replace github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 6abd2cd0..b6fe6b65 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -566,3 +566,4 @@ zombiezen.com/go/capnproto2/server
 zombiezen.com/go/capnproto2/std/capnp/rpc
 # github.com/urfave/cli/v2 => github.com/ipostelnik/cli/v2 v2.3.1-0.20210324024421-b6ea8234fe3d
 # github.com/lucas-clemente/quic-go => github.com/chungthuang/quic-go v0.24.1-0.20220110095058-981dc498cb62
+# github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1