diff --git a/crates/serde_cbor/RUSTSEC-0000-0000.toml b/crates/serde_cbor/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..0d6ad1d
--- /dev/null
+++ b/crates/serde_cbor/RUSTSEC-0000-0000.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "serde_cbor"
+date = "2019-10-03"
+title = "Flaw in CBOR deserializer allows stack overflow"
+description = """
+Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization.
+
+This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow.
+ 
+The flaw was corrected by limiting the allowed number of nested tags.
+"""
+patched_versions = [">= 0.10.2"]
+url = "https://github.com/pyfisch/cbor/releases/tag/v0.10.2"
+categories = ["crypto-failure"]
+keywords = ["stack-overflow", "crash", "denial-of-service"]