diff --git a/crates/shell-words/RUSTSEC-0000-0000.md b/crates/shell-words/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000000..67369806a8
--- /dev/null
+++ b/crates/shell-words/RUSTSEC-0000-0000.md
@@ -0,0 +1,26 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "shell-words"
+
+date = "2024-12-13"
+url = "https://github.com/tmiasko/shell-words/pull/16"
+categories = ["format-injection", "file-disclosure"]
+keywords = ["shell"]
+
+[affected]
+[affected.functions]
+"shell_words::quote" = ["<= 1.1.0"]
+
+[versions]
+patched = [">= 1.1.1"]
+```
+
+# `~` not escaped (shell_words::quote)
+
+Affected versions of this crate incorrectly looked for `˜` (U+02DC SMALL TILDE) instead of the intended `~` (U+007E TILDE)
+
+This could lead to exposing the users home path, or in certain cases path traversal.
+
+This was corrected in commit efe8162, included in version `1.1.1`.
+
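Review bot: The advisory body says which character was checked by mistake, but not when a caller is actually exposed, so a reader cannot tell whether their use of `quote` is affected. Presumably the risk arises only when the returned string is handed to a shell and the input contains a `~` that the shell would expand; if that is right, say so in one sentence after the first paragraph, for example `Input containing ~ is returned unquoted, so a shell that later interprets the result may expand it.` The `[affected.functions]` table lists only `shell_words::quote`; if other public functions of the crate build their output through `quote`, they should be listed with the same `"<= 1.1.0"` range. Minor wording: the first paragraph lacks a closing period, and `users home path` should read `user's home directory`.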