diff --git a/crates/hivex/RUSTSEC-0000-0000.md b/crates/hivex/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..ac14f3880
--- /dev/null
+++ b/crates/hivex/RUSTSEC-0000-0000.md
@@ -0,0 +1,26 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "hivex"
+date = "2026-02-26"
+url = "https://codeberg.org/1millibyte/toolsnt/issues/18"
+
+informational = "unsound"
+keywords = ["double-free", "use-after-free", "undefined-behavior"]
+
+[affected.functions]
+"hivex::Hive::close" = ["= 0.2.0"]
+"hivex::Hive::from_handle" = ["= 0.2.0"]
+
+[versions]
+patched = [">= 0.2.1"]
+```
+
+# Double-free and use-after-free for Hive
+`Drop` implementation for `Hive` did perform free, but so did `Hive::close`, which,
+at the end of the scope performed `Drop`, therefore triggering double-free.
+
+Additionally, function `Hive::from_handle` was not marked as unsafe, making it,
+in combination with `as_handle` easy to clone and trigger double-free in safe
+code or triggering UB when using invalid pointer.
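Review bot: The `[versions]` table sets only `patched = [">= 0.2.1"]` with no `unaffected` range, while both `[affected.functions]` entries are pinned to `= 0.2.0`, so the advisory disagrees with itself about releases before 0.2.0 — without `unaffected`, every version below 0.2.1 is reported as vulnerable, but the function ranges say only 0.2.0 is. If earlier releases did not carry the double free, add `unaffected = ["< 0.2.0"]` under `[versions]`; if they did, widen the function ranges to `["< 0.2.1"]` so the two tables agree. The description also names `Hive::as_handle` as part of the safe-code path to the double free, so it is worth listing it in `[affected.functions]` alongside the other two, and adding `categories = ["memory-corruption"]` to `[advisory]` would let tooling classify the issue rather than relying on keywords alone.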