diff --git a/NEWS b/NEWS
index 414c1c4..6916adb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@
 1.8.8
   - Apply libyajl patches for CVE-2022-24795, CVE-2022-24795, CVE-2023-33460
+  - Fix printf warnings for cran
 
 1.8.7
   - toJSON(digits = NA) once again prints 15 digits max
diff --git a/src/parse.c b/src/parse.c
index 0e600b9..090fa1a 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -35,7 +35,7 @@ SEXP R_parse(SEXP x, SEXP bigint_as_char) {
 
     /* parser error */
     if (!node) {
-      Rf_errorcall(R_NilValue, errbuf);
+      Rf_errorcall(R_NilValue, "%s" errbuf);
     }
     SEXP out = ParseValue(node, bigint);
     yajl_tree_free(node);
diff --git a/src/push_parser.c b/src/push_parser.c
index cd94f12..c0445a0 100644
--- a/src/push_parser.c
+++ b/src/push_parser.c
@@ -68,5 +68,5 @@ SEXP R_parse_connection(SEXP sConn, SEXP bigint_as_char){
     strncpy(errbuf, (char *) errstr, bufsize - 1);
     yajl_free_error(push_parser, errstr);
     yajl_free(push_parser);
-    Rf_error(errbuf);
+    Rf_error("%s", errbuf);
 }