diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4cfc67f..de41dce 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,7 +19,7 @@ repos:
 # python code formatting
 - repo: https://github.com/psf/black
- rev: 23.1.0
+ rev: 23.12.1
 hooks:
 - id: black
 args: ["--config", "pyproject.toml"]
@@ -33,7 +33,7 @@ repos:
 # python check (PEP8), programming errors and code complexity
 - repo: https://github.com/PyCQA/flake8
- rev: 6.0.0
+ rev: 7.0.0
 hooks:
 - id: flake8
 args: ["--config", ".flake8"]
@@ -44,3 +44,10 @@ repos:
 hooks:
 - id: pylint
 args: ["--rcfile", "pyproject.toml"]
+
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.7.6
+ hooks:
+ - id: bandit
+ args: ["-c", "pyproject.toml"]
+ additional_dependencies: ["bandit[toml]"]
diff --git a/pyproject.toml b/pyproject.toml
index ecad9fb..71966ef 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -75,7 +75,9 @@ exclude_dirs = ["build","dist","tests","scripts"]
 number = 4
 recursive = true
 targets = "src"
-skips = ["B101", "B311"]
+# B404 and B603 are skipped because the user can already run any arbitrary
+# command on their jupyter server
+skips = ["B101", "B311", "B404", "B603"]
 [tool.black]
 line-length = 79
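Review bot: The bandit entry added in the last hunk of `.pre-commit-config.yaml` has no `files:` filter and no comment line, unlike the black and flake8 entries above it. pre-commit passes the staged Python paths to the hook, so the `targets = "src"` setting shown in the `pyproject.toml` hunk probably does not limit what this hook scans; if only `src` is meant to be checked, `files: ^src/` under `- id: bandit` states that directly. A comment such as `# python security linter, configured in pyproject.toml` above the `- repo:` line would match the neighbouring entries.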
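Review bot: Adding `B404` and `B603` to `skips` in `pyproject.toml` turns both subprocess checks off for every file bandit scans, including call sites written after this commit. The stated reason holds only while every argument reaching a subprocess call comes from the user who owns the Jupyter server; it would not cover arguments derived from notebook contents, request parameters or a shared multi-user deployment, and none of those call sites are visible here. A narrower option is to keep `skips = ["B101", "B311"]` and mark each reviewed import and call with `# nosec B404` or `# nosec B603` plus a short reason, so new subprocess use still gets flagged. If the global skip stays, the comment could name the assumption, e.g. `# assumes subprocess arguments originate only from the server's own user`. The table these keys belong to starts above the hunk.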