add advisory for issue found in PyO3 0.28.0 (#2651)

Author: davidhewitt

crates/pyo3/RUSTSEC-0000-0000.md

@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "pyo3"
+date = "2026-02-18"
+url = "https://github.com/PyO3/pyo3/pull/5807#issuecomment-3913251784"
+categories = ["memory-corruption"]
+keywords = ["memory-corruption"]
+
+
+[versions]
+patched = [">= 0.28.2"]
+unaffected = ["< 0.28.0"]
+```
+
+# Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up
+
+PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` (and other native types) when targeting Python 3.12 and up with the `abi3` feature.
+
+It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of `NativeSub` contained within Python objects, amounting to memory corruption.
+
+PyO3 0.28.2 fixed the issue by using the type of (e.g.) `NativeSub` correctly.