diff --git a/silverstripe/framework/CVE-2024-32981.yaml b/silverstripe/framework/CVE-2024-32981.yaml
new file mode 100644
index 000000000..a18324416
--- /dev/null
+++ b/silverstripe/framework/CVE-2024-32981.yaml
@@ -0,0 +1,8 @@
+title: "CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload"
+link: https://www.silverstripe.org/download/security-releases/cve-2024-32981
+cve: CVE-2024-32981
+branches:
+ 5.2.x:
+ time: 2024-07-17 00:24:42
+ versions: ['<5.2.16']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2024-001.yaml b/silverstripe/framework/SS-2024-001.yaml
new file mode 100644
index 000000000..18ae39fc8
--- /dev/null
+++ b/silverstripe/framework/SS-2024-001.yaml
@@ -0,0 +1,8 @@
+title: "SS-2024-001 - TinyMCE allows svg files linked in object tags"
+link: https://www.silverstripe.org/download/security-releases/ss-2024-001
+cve: ~
+branches:
+ 5.2.x:
+ time: 2024-07-17 00:24:42
+ versions: ['<5.2.16']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/reports/CVE-2024-29885.yaml b/silverstripe/reports/CVE-2024-29885.yaml
new file mode 100644
index 000000000..b4a207a90
--- /dev/null
+++ b/silverstripe/reports/CVE-2024-29885.yaml
@@ -0,0 +1,8 @@
+title: "CVE-2024-29885 - Reports are still accessible even when canView is set to false"
+link: https://www.silverstripe.org/download/security-releases/cve-2024-29885
+cve: CVE-2024-29885
+branches:
+ 5.2.x:
+ time: 2024-07-17 00:24:42
+ versions: ['<5.2.16']
+reference: composer://silverstripe/framework
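Review bot: In silverstripe/framework/CVE-2024-32981.yaml the constraint `versions: ['<5.2.16']` has no lower bound, although it sits under a branch keyed `5.2.x`. Tooling that matches on it will flag every release below 5.2.16, including earlier minor and major lines. The same shape appears in SS-2024-001.yaml (`'<5.2.16'`) and silverstripe/reports/CVE-2024-29885.yaml (`'<5.2.3'`). If the linked advisories confirm that all earlier releases are affected, the entries are right as written and need no change. If only the 5.2 line is affected, bound the range, e.g. `versions: ['>=5.2.0', '<5.2.16']`, so audit results stay accurate. All three entries also carry the identical `time: 2024-07-17 00:24:42`, which looks like an announcement time rather than a per-package fix time, so it is worth confirming against the release tags.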