diff --git a/crates/actix-http/RUSTSEC-0000-0000.md b/crates/actix-http/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..10862d2
--- /dev/null
+++ b/crates/actix-http/RUSTSEC-0000-0000.md
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "actix-http"
+date = "2021-06-16"
+keywords = ["smuggling", "http", "reverse proxy", "request smuggling"]
+
+[versions]
+patched = ["^ 2.2.1", ">= 3.0.0-beta.9"]
+```
+
+# Potential request smuggling capabilities due to lack of input validation
+
+Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling (HRS) attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also vulnerable.
+
+Popular front-end proxies and load balancers already mitigate HRS attacks so it is recommended that they are also kept up to date; check your specific set up. You should upgrade even if the front-end proxy receives exclusively HTTP/2 traffic and connects to the back-end using HTTP/1; several downgrade attacks are known that can also expose HRS vulnerabilities.