diff --git a/src/boot/system_test.c b/src/boot/system_test.c
index d0fe41ee..13e2edef 100644
--- a/src/boot/system_test.c
+++ b/src/boot/system_test.c
@@ -37,7 +37,7 @@ int system_test() {
 
     /* Check the version defines are self consistent */
     char version_combined[256];
-    sprintf(version_combined, "%d.%d.%d%s", JANET_VERSION_MAJOR, JANET_VERSION_MINOR, JANET_VERSION_PATCH, JANET_VERSION_EXTRA);
+    snprintf(version_combined, sizeof(version_combined), "%d.%d.%d%s", JANET_VERSION_MAJOR, JANET_VERSION_MINOR, JANET_VERSION_PATCH, JANET_VERSION_EXTRA);
     assert(!strcmp(JANET_VERSION, version_combined));
 
     /* Reflexive testing and nanbox testing */
diff --git a/src/core/ev.c b/src/core/ev.c
index 250ab728..9b03413e 100644
--- a/src/core/ev.c
+++ b/src/core/ev.c
@@ -2416,7 +2416,7 @@ Janet janet_ev_lasterr(void) {
                   msgbuf,
                   sizeof(msgbuf),
                   NULL);
-    if (!*msgbuf) sprintf(msgbuf, "%d", code);
+    if (!*msgbuf) snprintf(msgbuf, sizeof(msgbuf), "%d", code);
     char *c = msgbuf;
     while (*c) {
         if (*c == '\n' || *c == '\r') {
diff --git a/src/core/os.c b/src/core/os.c
index 8e514113..bc57b64a 100644
--- a/src/core/os.c
+++ b/src/core/os.c
@@ -1331,7 +1331,7 @@ static Janet os_execute_impl(int32_t argc, Janet *argv, JanetExecuteMode mode) {
                       msgbuf,
                       sizeof(msgbuf),
                       NULL);
-        if (!*msgbuf) sprintf(msgbuf, "%d", cp_error_code);
+        if (!*msgbuf) snprintf(msgbuf, sizeof(msgbuf), "%d", cp_error_code);
         char *c = msgbuf;
         while (*c) {
             if (*c == '\n' || *c == '\r') {