diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff56302c0..1c8bde4f9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Removed
 ### Fixed
 ### Security
+- [CVE-2022-25912] Bumps simple-git from 3.4.0 to 3.15.0 ([#341](https://github.com/opensearch-project/opensearch-js/pull/341))
 
 ## [2.1]
 ### Added
diff --git a/package.json b/package.json
index 6e70572f4..8aef6f4fb 100644
--- a/package.json
+++ b/package.json
@@ -80,7 +80,7 @@
     "proxy": "^1.0.2",
     "rimraf": "^3.0.2",
     "semver": "^7.3.5",
-    "simple-git": "^3.5.0",
+    "simple-git": "^3.15.0",
     "simple-statistics": "^7.7.0",
     "split2": "^3.2.2",
     "stoppable": "^1.1.0",
diff --git a/yarn.lock b/yarn.lock
index 6b6032b84..61353c937 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2841,10 +2841,10 @@ signal-exit@^3.0.4, signal-exit@^3.0.6:
   resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9"
   integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==
 
-simple-git@^3.5.0:
-  version "3.13.0"
-  resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.13.0.tgz#36589e201c28cecaca6f3a898e7257c6610e8588"
-  integrity sha512-VYrs3joeHvWGcN3K135RpGpPjm4AHYeOrclwew6LlfHgq6ozQYIW2yMnmjf4PCgVOuSYCbXkdUjyiFawuJz8MA==
+simple-git@^3.15.0:
+  version "3.15.1"
+  resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.1.tgz#57f595682cb0c2475d5056da078a05c8715a25ef"
+  integrity sha512-73MVa5984t/JP4JcQt0oZlKGr42ROYWC3BcUZfuHtT3IHKPspIvL0cZBnvPXF7LL3S/qVeVHVdYYmJ3LOTw4Rg==
   dependencies:
     "@kwsites/file-exists" "^1.1.1"
     "@kwsites/promise-deferred" "^1.1.1"