diff --git a/CHANGELOG.md b/CHANGELOG.md index 8aa0d3d2..baaafa75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,9 @@ Security fixes: Fixes a security hole on Windows where running ripgrep with either the `-z/--search-zip` or `--pre` flags can result in running arbitrary executables from the current directory. +* [VULN #1773](https://github.com/BurntSushi/ripgrep/issues/1773): + This is the public facing issue tracking CVE-2021-3013. ripgrep's README + now contains a section describing how to report a vulnerability. Feature enhancements: diff --git a/README.md b/README.md index bc3e0975..3ea9b636 100644 --- a/README.md +++ b/README.md @@ -425,6 +425,14 @@ $ cargo test --all from the repository root. +### Vulnerability reporting + +For reporting a security vulnerability, please +[contact Andrew Gallant](https://blog.burntsushi.net/about/), +which has my email address and PGP public key if you wish to send an encrypted +message. + + ### Translations The following is a list of known translations of ripgrep's documentation. These
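Review bot: In the CHANGELOG.md hunk, the new `VULN #1773` entry under "Security fixes" names CVE-2021-3013 but does not say what the CVE is, and it also records a documentation change (the README reporting section) that is not itself a fix. A reader who looks up the CVE in the changelog has to infer that it refers to the Windows `-z/--search-zip` / `--pre` entry directly above. Suggest naming the CVE in that entry, or saying here "the fix described in the entry above", and moving the README sentence to its own bullet. Also a small wording point: "public facing" should be hyphenated as "public-facing".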
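Review bot: In the README.md hunk, the "Vulnerability reporting" text sends reporters to an external about page for both the email address and the PGP public key, so the repository itself gives a reporter nothing to check the key against. Suggest adding the key fingerprint to the README next to the link, so that someone sending an encrypted report can confirm that the key they fetched is the intended one. The sentence also switches person ("contact Andrew Gallant ... which has my email address") and "which" attaches to the name rather than the linked page. Something like "please contact Andrew Gallant; the linked page has my email address and PGP public key" reads more clearly. Finally, the hunk adds two blank lines after "message.", while the context above shows the other `###` sections set off differently. Matching that spacing keeps the file consistent.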