diff --git a/crates/serde_yaml/RUSTSEC-0000-0000.md b/crates/serde_yaml/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000000..39a12518b0
--- /dev/null
+++ b/crates/serde_yaml/RUSTSEC-0000-0000.md
@@ -0,0 +1,39 @@
+```toml
+[advisory]
+# Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"
+# identifier e.g. RUSTSEC-2018-0001. Please use "RUSTSEC-0000-0000" in PRs.
+id = "RUSTSEC-0000-0000"
+
+# Name of the affected crate (mandatory)
+package = "serde_yaml"
+
+# Disclosure date of the advisory as an RFC 3339 date (mandatory)
+date = "2024-07-21"
+
+# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
+# a change log entry, or a blogpost announcing the release (optional, except
+# for advisories using a license that requires attribution).
+url = "https://github.com/dtolnay/serde-yaml/blob/master/README.md"
+
+# Optional: Indicates the type of informational security advisory
+# - "unsound" for soundness issues
+# - "unmaintained" for crates that are no longer maintained
+# - "notice" for other informational notices
+informational = "unmaintained"
+
+# Freeform keywords which describe this vulnerability, similar to Cargo (optional)
+keywords = ["yaml", "serde", "serialization"]
+
+# Versions which include fixes for this vulnerability (mandatory)
+# All selectors supported by Cargo are supported here:
+# https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
+# use patched = [] e.g. in case of unmaintained where there is no fix
+[versions]
+patched = []
+```
+
+# serde_yaml - no longer maintained
+
+The creator of serde_yaml has stated in the readme of their repo that the lib is no longer maintained, and also marked versoin 0.9.34 as deprecated.
+
+The repo is archived and an issue can not be opened to confirm the authors desire to push an advisory.
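Review bot: The `url` value points at `blob/master/README.md`, a branch ref rather than a fixed revision, so the evidence for the unmaintained status is not pinned; a commit permalink such as `https://github.com/dtolnay/serde-yaml/blob/<COMMIT_SHA>/README.md` (placeholder, to be filled with the revision that carries the statement) would keep the citation stable. In the description, `versoin` should read `version` and `the authors desire` should be `the author's desire`. Because `patched = []` tells audit tooling that no fixed release exists, the prose would serve consumers better if it also said what they are expected to do, for example one line on migrating to a maintained YAML crate once one has been vetted.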