diff --git a/releasenotes/notes/13.0.0-cve-bugs-fe43ef267a82f304.yaml b/releasenotes/notes/13.0.0-cve-bugs-fe43ef267a82f304.yaml
new file mode 100644
index 000000000000..bd7fa680c0f6
--- /dev/null
+++ b/releasenotes/notes/13.0.0-cve-bugs-fe43ef267a82f304.yaml
@@ -0,0 +1,17 @@
+---
+security:
+  - |
+    [OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548)
+
+    * `Bug 1524274 <https://bugs.launchpad.net/nova/+bug/1524274>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000911.html>`__
+
+    [OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749)
+
+    * `Bug 1516765 <https://bugs.launchpad.net/nova/+bug/1516765>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000916.html>`__
+
+    [OSSA 2016-007] Host data leak during resize/migrate for raw-backed instances  (CVE-2016-2140)
+
+    * `Bug 1548450 <https://bugs.launchpad.net/nova/+bug/1548450>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-March/001009.html>`__
\ No newline at end of file