diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 92b275f..16ea8f4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,6 +19,9 @@ Feel free to do either or both of these as you see fit (we recommend you do both
 
 4. [Yank] the affected versions of the crate.
 5. Request a CVE for your vulnerability: https://iwantacve.org/
+   Alternatively, you can create a GitHub Security Advisory (GHSA) and let them request
+   a CVE for you. In this case, you can add the GHSA ID to the RustSec advisory via the
+   `aliases` field.
 
 ## Criteria