diff --git a/src/routes/blog.js b/src/routes/blog.js
index 2c07097..9d1c71a 100644
--- a/src/routes/blog.js
+++ b/src/routes/blog.js
@@ -69,6 +69,12 @@ router.get('/:slug', async (request, response, next) => {
   // Get the name of the post from the URL
   const postName = request.params.slug;
 
+  if (!/^[0-9-]+$/.test(postName)) {
+    logger.error(`Invalid blog post name name ${postName}`);
+    next();
+    return;
+  }
+
   // Get the markdown file corresponding to the post
   let rawPost;
   try {
diff --git a/src/routes/terms.js b/src/routes/terms.js
index 0307a05..40027e8 100644
--- a/src/routes/terms.js
+++ b/src/routes/terms.js
@@ -14,6 +14,12 @@ router.get('/:slug', async (request, response, next) => {
   const termName = request.params.slug;
 
+  if (!/^[a-z]+$/.test(termName)) {
+    logger.error(`Invalid term name ${termName}`);
+    next();
+    return;
+  }
+
   let rawTerm;
   try {
     rawTerm = await fs.readFile(path.join('terms', `${termName}.md`), 'utf-8');
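Review bot: The new `logger.error` in blog.js interpolates the raw, URL-decoded slug (`request.params.slug`) straight into the log line, so a request carrying an encoded newline can forge a log entry, and every crawler probe for a non-existent post is recorded at error level; the message also repeats the word "name". I would lower it to `logger.warn` and interpolate `${JSON.stringify(postName)}` instead of the bare value, so the slug is quoted with control characters escaped and the level reflects a client mistake rather than a server fault. The allowlist itself is sound — `[0-9-]+` cannot form `..` or a path separator before the file read that follows — but its intent deserves a comment: `// Allowlist: post slugs are digits and dashes only; anything else falls through to the next handler (presumably the 404) before the filesystem is touched.` The enclosing `router.get` handler starts and ends outside this hunk.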