diff --git a/crates/xmas-elf/RUSTSEC-0000-0000.md b/crates/xmas-elf/RUSTSEC-0000-0000.md new file mode 100644 index 000000000..0068ded07 --- /dev/null +++ b/crates/xmas-elf/RUSTSEC-0000-0000.md @@ -0,0 +1,20 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "xmas-elf" +date = "2025-03-03" +url = "https://github.com/nrc/xmas-elf/issues/86" +categories = ["memory-corruption"] + +[affected] +functions = { "xmas_elf::hash::HashTable::get_bucket" = ["<0.10"] } + +[versions] +patched = [">=0.10"] +``` +# Stack-buffer-overflow in HashTable Struct +In this case, the "get_bucket" method within the HashTable struct uses the unsafe keyword to access memory with assert function protection. +A maliciously crafted ELF file can present an invalid SectionData HashTable that causes xmas-elf to access memory out of bounds +However, it is still vulnerable because "bucket_count" which stands for the size of hashtable and offset value of the hashtable can be manipulated by users. +When "bucket_count" is set bigger value than first_bucket's actual length, it can lead to invalid memory access which violates Rust’s memory safety guarantees. +Also, as hash.rs is public module, it can be used externally, which means that it is an actual vulnerability.
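Review bot: The title "Stack-buffer-overflow in HashTable Struct" does not match what the description actually reports: the body describes `get_bucket` using `unsafe` to index memory with an attacker-controlled `bucket_count` and hash-table offset, which leads to an out-of-bounds memory access, not a stack buffer overflow. Please retitle it to describe the defect as written (for example "Out-of-bounds memory access in `HashTable::get_bucket` via attacker-controlled `bucket_count`") so the advisory's headline matches the `memory-corruption` category and the text. The description also reads out of order: the sentence "A maliciously crafted ELF file can present an invalid SectionData HashTable that causes xmas-elf to access memory out of bounds" lacks a terminal period and is placed between "uses the unsafe keyword ... with assert function protection" and "However, it is still vulnerable ...", so the "However" no longer contrasts with the assert sentence; move the crafted-ELF sentence to the front as the summary and keep the assert/`bucket_count` explanation together. Minor: "bigger value than first_bucket's actual length" would be clearer if it named the actual bound being exceeded (the length of the buffer the bucket slice is built from), and "Rust’s" should use a plain ASCII apostrophe for consistency with the rest of the advisory database.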