diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt
index 796fd5681ff..9f774360cf4 100644
--- a/homeassistant/package_constraints.txt
+++ b/homeassistant/package_constraints.txt
@@ -28,6 +28,9 @@ zeroconf==0.24.4
 
 pycryptodome>=3.6.6
 
+# Constrain urllib3 to ensure we deal with CVE-2019-11236 & CVE-2019-11324
+urllib3>=1.24.3
+
 # Not needed for our supported Python versions
 enum34==1000000000.0.0
 
diff --git a/script/gen_requirements_all.py b/script/gen_requirements_all.py
index 457c14b3474..2b7fe8226b2 100755
--- a/script/gen_requirements_all.py
+++ b/script/gen_requirements_all.py
@@ -58,6 +58,9 @@ CONSTRAINT_PATH = os.path.join(
 CONSTRAINT_BASE = """
 pycryptodome>=3.6.6
 
+# Constrain urllib3 to ensure we deal with CVE-2019-11236 & CVE-2019-11324
+urllib3>=1.24.3
+
 # Not needed for our supported Python versions
 enum34==1000000000.0.0