diff --git a/packages/hackney/GHSA-vq52-99r9-h5pw.yml b/packages/hackney/GHSA-vq52-99r9-h5pw.yml
new file mode 100644
index 0000000..3fc9c97
--- /dev/null
+++ b/packages/hackney/GHSA-vq52-99r9-h5pw.yml
@@ -0,0 +1,14 @@
+---
+description: |-
+  Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. 
+  This vulnerability can be exploited when users rely on the URL function for host checking.
+disclosure_date: 2025-02-11
+first_patched_versions:
+  -
+id: GHSA-vq52-99r9-h5pw
+link: https://github.com/advisories/GHSA-vq52-99r9-h5pw
+package: hackney
+severity: low
+title: Server-side Request Forgery (SSRF) in hackney
+vulnerable_version_ranges:
+  - <= 1.20.1