diff --git a/crates/string-interner/RUSTSEC-0000-0000.toml b/crates/string-interner/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..9623726
--- /dev/null
+++ b/crates/string-interner/RUSTSEC-0000-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "string-interner"
+date = "2019-08-24"
+title = "Cloned interners may read already dropped strings"
+description = """
+Affected versions of this crate did not clone contained strings when an interner is cloned.
+Interners have raw pointers to the contained strings, and they keep pointing the strings which the old interner owns, after the interner is cloned.
+If a new cloned interner is alive and the old original interner is dead, the new interner has dangling pointers to the old interner's storage, which is already dropped.
+
+This allows an attacker to read the already freed memory.
+The dangling pointers are used by the interners to check a string is already interned.
+An attacker can do brute force attack to get the data pointed by the dangling pointer.
+
+The flaw was corrected by <https://github.com/Robbepop/string-interner/pull/10>.
+This patch implements `Clone` manually to the interner type, so that the internal raw pointers always point the strings owned by the same interner.
+"""
+patched_versions = [">= 0.7.1"]
+url = "https://github.com/Robbepop/string-interner/issues/9"
+keywords = ["use after free"]