diff --git a/crates/openssl-src/RUSTSEC-0000-0000.md b/crates/openssl-src/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..7c5fde9
--- /dev/null
+++ b/crates/openssl-src/RUSTSEC-0000-0000.md
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openssl-src"
+aliases = ["CVE-2021-3449"]
+categories = ["denial-of-service"]
+date = "2021-05-01"
+url = "https://www.openssl.org/news/secadv/20210325.txt"
+
+[versions]
+patched = [">= 111.15"]
+```
+
+# NULL pointer deref in signature_algorithms processing
+
+An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
+ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits
+the signature_algorithms extension (where it was present in the initial
+ClientHello), but includes a signature_algorithms_cert extension then a NULL
+pointer dereference will result, leading to a crash and a denial of service
+attack.
+
+A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which
+is the default configuration). OpenSSL TLS clients are not impacted by this
+issue.