diff --git a/ChangeLog b/ChangeLog
index 3ca4e25a48..da0722a65e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Feb  6 13:03:00 2013  Zachary Scott  <zachary@zacharyscott.net>
+
+	* doc/security.rdoc: Add link to CVEs on ruby-lang.org/en/security
+
 Wed Feb  6 12:49:00 2013  Zachary Scott  <zachary@zacharyscott.net>
 
 	* NEWS: Add note about removal of CSV::load and CSV::dump from r39077
diff --git a/doc/security.rdoc b/doc/security.rdoc
index 566920a5c1..16df93f540 100644
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@@ -6,6 +6,9 @@ pitfalls often encountered by newcomers and experienced Rubyists alike.
 This document aims to discuss many of these pitfalls and provide more secure
 alternatives where applicable.
 
+Please check the full list of publicly known CVEs and how to correctly report a
+security vulnerability, at: http://www.ruby-lang.org/en/security/
+
 == <code>$SAFE</code>
 
 Ruby provides a mechanism to restrict what operations can be performed by Ruby