diff --git a/crates/smallvec/RUSTSEC-0000-0000.toml b/crates/smallvec/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000000..8c78e465c6
--- /dev/null
+++ b/crates/smallvec/RUSTSEC-0000-0000.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "smallvec"
+date = "2019-06-06"
+title = "Double-free and use-after-free in SmallVec::grow()"
+description = """
+Attempting to call `grow` on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents.
+
+An attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.
+
+Credits to @ehuss for discovering, reporting and fixing the bug.
+"""
+patched_versions = [">= 0.6.10"]
+unaffected_versions = ["< 0.6.5"]
+url = "https://github.com/servo/rust-smallvec/issues/148"
+keywords = ["double free", "use after free", "arbitrary code execution"]
+affected_functions = ["smallvec::SmallVec::grow"]