diff --git a/zot.advisories.yaml b/zot.advisories.yaml
new file mode 100644
index 0000000000..2d09e15445
--- /dev/null
+++ b/zot.advisories.yaml
@@ -0,0 +1,13 @@
+package:
+  name: zot
+
+advisories:
+  CVE-2023-25656:
+    - timestamp: 2023-08-14T20:41:53.435338-04:00
+      status: affected
+      action: We are waiting on zot to update its code to use a fixed version of the affected notation library.
+
+  CVE-2023-33959:
+    - timestamp: 2023-08-14T20:42:56.411344-04:00
+      status: affected
+      action: We are waiting on zot to update its code to use a fixed version of the affected notation library.