diff --git a/crates/lru/RUSTSEC-0000-0000.md b/crates/lru/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..a75e867
--- /dev/null
+++ b/crates/lru/RUSTSEC-0000-0000.md
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "lru"
+date = "2021-12-21"
+url = "https://github.com/jeromefroe/lru-rs/issues/120"
+categories = ["memory-corruption"]
+keywords = ["use-after-free"]
+
+[affected.functions]
+"lru::LruCache::iter" = ["< 0.7.1"]
+"lru::LruCache::iter_mut" = ["< 0.7.1"]
+
+[versions]
+patched = [">= 0.7.1"]
+```
+
+# Use after free in lru crate
+
+Lru crate has use after free vulnerability.
+
+Lru crate has two functions for getting an iterator. Both iterators give
+references to key and value. Calling specific functions, like pop(), will remove
+and free the value, and but it's still possible to access the reference of value
+which is already dropped causing use after free.