diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f8f1749 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,39 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 1.0.x | :white_check_mark: | + +## Reporting a Vulnerability + +Improper parsing of octal bytes in netmask Critical +#2 opened now • Detected in netmask (npm) • package-lock.json + +path-to-regexp outputs backtracking regular expressions High +#7 opened now • Detected in path-to-regexp (npm) • package-lock.json + +ip SSRF improper categorization in isPublic High +#6 opened now • Detected in ip (npm) • package-lock.json + +Code Injection in pac-resolver High +#4 opened now • Detected in degenerator (npm) • package-lock.json + +Code Injection in pac-resolver High +#3 opened now • Detected in pac-resolver (npm) • package-lock.json + +Denial of service while parsing a tar file due to lack of folders count validation Moderate +#5 opened now • Detected in tar (npm) • package-lock.json + +netmask npm package mishandles octal input data Moderate +#1 opened now • Detected in netmask (npm) • package-lock.json + +DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High Development +#10 opened now • Detected in rollup (npm) • package-lock.json + +Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS Moderate Development +#9 opened now • Detected in vite (npm) • package-lock.json + +Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate Development +#8 opened now • Detected in vite (npm) • package-lock.json
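Review bot: the `## Reporting a Vulnerability` section in this hunk is a heading with nothing under it, so the new policy tells a reporter neither where to send a private report nor what to expect; add at least the reporting channel (a security contact address or the repository's private vulnerability reporting), what a report should include, and an acknowledgement window before this merges. The hunk header `@@ -0,0 +1,39 @@` promises 39 added lines but the visible content ends at that empty heading, so the rest of the file should be checked for the same gap. Separately, the ten Dependabot alerts shown beside the diff (netmask octal parsing, pac-resolver and degenerator code injection, ip isPublic SSRF, path-to-regexp backtracking, tar folder-count DoS, rollup and vite DOM clobbering, the vite `server.fs.deny` bypass, all detected in package-lock.json) are not touched by this change; a SECURITY.md does not close them, so the lockfile updates should land in a companion change.

Two of the alerts above, the netmask octal-byte alerts and the `ip` `isPublic` SSRF alert, are the same class of bug: an IP-classification guard parses a dotted address differently from the OS that will actually open the socket, so a loopback or RFC 1918 target written in a non-canonical form is waved through as "public". The following JavaScript is an added illustration of that class, not code from the netmask or ip packages or from this repository; the parsers, the `isInternal` range check and the sample inputs are constructed for the example.

```javascript
// Added example: why octal/hex octets break an SSRF allow-list guard.
// None of this is netmask's or ip's code; it reconstructs the general bug class.

// Naive guard parser: every octet read as base 10. "0177" becomes 177,
// so 0177.0.0.1 looks like a public 177.x address.
function parseNaive(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => parseInt(p, 10));
  if (octets.some((o) => Number.isNaN(o) || o < 0 || o > 255)) return null;
  return octets;
}

// inet_aton-style parser: "0x" prefix = hex, leading "0" = octal, else decimal.
// This is how libc / the kernel resolver will read the same string, so it is
// the view the guard must at least agree with.
function parseInetAton(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  const octets = [];
  for (const p of parts) {
    let v;
    if (/^0[xX][0-9a-fA-F]+$/.test(p)) v = parseInt(p.slice(2), 16);
    else if (/^0[0-7]+$/.test(p)) v = parseInt(p.slice(1), 8);
    else if (/^(0|[1-9][0-9]*)$/.test(p)) v = parseInt(p, 10);
    else return null;
    if (v > 255) return null;
    octets.push(v);
  }
  return octets;
}

// Strict parser for a guard: canonical dotted-decimal only (no leading
// zeros, no hex). Anything else is rejected instead of being guessed at.
function parseStrict(ip) {
  if (!/^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$/.test(ip)) return null;
  const octets = ip.split(".").map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Ranges a server-side fetcher must never be steered to (constructed list:
// loopback, "this network", RFC 1918, link-local/metadata).
function isInternal(octets) {
  const [a, b] = octets;
  return (
    a === 127 || a === 10 || a === 0 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254)
  );
}

// Run one parser over an input and report the guard's verdict.
function classify(ip, parser) {
  const o = parser(ip);
  if (o === null) return "rejected";
  return isInternal(o) ? "internal" : "public";
}

// Constructed attacker inputs: loopback spelled in octal and hex, plus
// a canonical loopback and a canonical public address for comparison.
const samples = ["0177.0.0.1", "0x7f.0.0.1", "127.0.0.1", "93.184.216.34"];
for (const s of samples) {
  console.log(
    s.padEnd(14),
    "naive:", classify(s, parseNaive),
    "inet_aton:", classify(s, parseInetAton),
    "strict:", classify(s, parseStrict)
  );
}
```

The naive parser is the failure mode: `0177.0.0.1` is reported as public while the connect() that follows goes to 127.0.0.1. Agreeing with inet_aton closes that specific gap, but for an allow-list guard the safer choice is the strict parser, which refuses every non-canonical spelling so there is no second parser to disagree with; pair it with resolving hostnames before the check, since the same trick applies to a DNS name that resolves to an internal address.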