diff --git a/crates/serde_yaml/RUSTSEC-2018-0005.toml b/crates/serde_yaml/RUSTSEC-2018-0005.toml
new file mode 100644
index 0000000..9016ee0
--- /dev/null
+++ b/crates/serde_yaml/RUSTSEC-2018-0005.toml
@@ -0,0 +1,18 @@
+[advisory]
+id = "RUSTSEC-2018-0005"
+package = "serde_yaml"
+date = "2018-09-17"
+title = "Uncontrolled recursion leads to abort in deserialization"
+description = """
+Affected versions of this crate did not properly check for recursion
+while deserializing aliases.
+
+This allows an attacker to make a YAML file with an alias referring
+to itself causing an abort.
+
+The flaw was corrected by checking the recursion depth.
+"""
+patched_versions = [">= 0.8.4"]
+unaffected_versions = ["< 0.6.0-rc1"]
+url = "https://github.com/dtolnay/serde-yaml/pull/105"
+keywords = ["crash"]
diff --git a/crates/yaml-rust/RUSTSEC-2018-0006.toml b/crates/yaml-rust/RUSTSEC-2018-0006.toml
new file mode 100644
index 0000000..854b81a
--- /dev/null
+++ b/crates/yaml-rust/RUSTSEC-2018-0006.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "RUSTSEC-2018-0006"
+package = "yaml-rust"
+date = "2018-09-17"
+title = "Uncontrolled recursion leads to abort in deserialization"
+description = """
+Affected versions of this crate did not prevent deep recursion while
+deserializing data structures.
+
+This allows an attacker to make a YAML file with deeply nested structures
+that causes an abort while deserializing it.
+
+The flaw was corrected by checking the recursion depth.
+"""
+patched_versions = [">= 0.4.1"]
+url = "https://github.com/chyh1990/yaml-rust/pull/109"
+keywords = ["crash"]
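Review bot: The `unaffected_versions = ["< 0.6.0-rc1"]` bound in the serde_yaml advisory is not explained anywhere in the file, so a reader cannot tell why a pre-release tag marks the start of the affected range; it is presumably the release where the vulnerable alias handling first appeared, but that should be confirmed and written down. A one-line comment above the key would do, e.g. `# Alias resolution that recurses unchecked first shipped in 0.6.0-rc1 (confirm against the crate history).` The description also only states the symptom ("causing an abort"); since the trigger is attacker-supplied input, it would help consumers triaging this to say explicitly that the practical impact is denial of service for anything deserializing untrusted YAML, and to consider reflecting that in `keywords` alongside `"crash"`.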
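Review bot: The yaml-rust advisory has `patched_versions = [">= 0.4.1"]` but no `unaffected_versions` key, which declares every release before 0.4.1 vulnerable; that may well be correct, but it differs from the sibling serde_yaml advisory in the same commit and should be a deliberate choice rather than an omission. If the unbounded-recursion parsing path has existed since the first release, a short comment above `patched_versions` saying so, e.g. `# All releases before 0.4.1 are affected; no unaffected_versions range.`, would make the intent clear to the next editor. As with the serde_yaml entry, the description names only the abort; stating that this is a denial-of-service vector for services parsing untrusted YAML would make the advisory more useful to downstream triage.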