diff --git a/crates/hyper/RUSTSEC-0000-0000.md b/crates/hyper/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000000..f2152bb57b
--- /dev/null
+++ b/crates/hyper/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "hyper"
+date = "2022-05-10"
+informational = "unsound"
+url = "https://github.com/hyperium/hyper/pull/2545"
+
+[versions]
+patched = [">= 0.4.12"]
+```
+
+# Parser creates invalid uninitialized value
+
+Affected versions of this crate called `mem::uninitialized()` in the HTTP1 parser to create values of type `httparse::Header` (from the `httparse` crate).
+This is unsound, since `Header` contains references and thus must be non-null.
+ 
+The flaw was corrected by avoiding the use of `mem::uninitialized()`, using `MaybeUninit` instead.