diff --git a/rust/std/RUSTSEC-000-0000.md b/rust/std/RUSTSEC-000-0000.md new file mode 100644 index 0000000000..d39c1b2397 --- /dev/null +++ b/rust/std/RUSTSEC-000-0000.md @@ -0,0 +1,24 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "std" +date = "2020-10-28" +url = "https://github.com/rust-lang/rust/issues/78498" + +[affected.functions] +"alloc::string::String::retain" = ["< 1.49.0, >= 1.26.0"] + +[versions] +patched = [">= 1.49.0"] +unaffected = ["< 1.26.0"] +``` + +# `String::retain()` may return non-UTF-8 string when the predicate closure panics + +The affected version of the Rust standard library shipped `String::retain()` that is not panic safe. +The affected version of this API +may leave the string in non-UTF-8 status if the provided predicate closure panics in the middle of the iteration. +The standard library has an invariant that assumes all strings are UTF-8 encoded, +so it could lead to a safety violation if that invalid string is used again in the unwinding path. +The bug was fixed by truncating the string before the iteration. +It now returns an empty string when the predicate panics.
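Review bot: the file path `rust/std/RUSTSEC-000-0000.md` does not match the advisory id `RUSTSEC-0000-0000` in the `[advisory]` table (the path has three zeros in the first group, the id has four); rename the file so the placeholder is consistent in both places. In the description, the body itself says the API "may leave the string in non-UTF-8 status", and `String::retain()` mutates in place rather than returning a string, so the title's "may return non-UTF-8 string" and the closing "It now returns an empty string" would be more accurate as "may leave the string non-UTF-8" and "the string is left empty when the predicate panics". The first two body sentences both open with "The affected version" and can be merged into one.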