diff --git a/crates/libp2p-core/RUSTSEC-0000-0000.md b/crates/libp2p-core/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..344038b
--- /dev/null
+++ b/crates/libp2p-core/RUSTSEC-0000-0000.md
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libp2p-core"
+date = "2022-02-07"
+categories = ["crypto-failure"]
+
+[affected]
+functions = { "libp2p_core::PeerRecord::from_signed_envelope" = [">= 0.30.0-rc.1"] }
+
+[versions]
+unaffected = ["< 0.30.0-rc.1"]
+patched = [">= 0.31.1"]
+```
+
+# Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`
+
+Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record.
+Any combination was considered valid.
+
+This allows an attacker to republish an existing `PeerRecord` with a different `PeerId`.