diff --git a/crates/lexer/RUSTSEC-0000-0000.md b/crates/lexer/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..a9fb7cc
--- /dev/null
+++ b/crates/lexer/RUSTSEC-0000-0000.md
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "lexer"
+date = "2020-11-10"
+url = "https://gitlab.com/nathanfaucett/rs-lexer/-/issues/2"
+categories = ["memory-corruption"]
+
+[versions]
+patched = []
+```
+
+# ReaderResult should be bounded by Sync
+
+Affected versions of this crate implements `Sync` for `ReaderResult<T, E>` with the trait bound `T: Send, E: Send`.
+
+Since matching on the public enum `ReaderResult<T, E>` provides access to `&T` & `&E`,
+allowing data race to a non-Sync type `T` or `E`.
+This can result in a memory corruption when multiple threads concurrently access `&T` or `&E`.
+
+Suggested fix for the bug is change the trait bounds imposed on `T` & `E` to be `T: Sync, E: Sync`.
\ No newline at end of file