diff --git a/gems/nekohtml/CVE-2022-24839.yml b/gems/nekohtml/CVE-2022-24839.yml
new file mode 100644
index 0000000000..be3911de82
--- /dev/null
+++ b/gems/nekohtml/CVE-2022-24839.yml
@@ -0,0 +1,35 @@
+---
+gem: nekohtml
+platform: jruby
+cve: 2022-24839
+ghsa: gx8x-g87m-h5q6
+url: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
+title: Nekohtml version of "Denial of Service (DoS) in Nokogiri on JRuby"
+date: 2022-04-11
+description: |
+  ## Summary
+
+  The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a
+  java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup.
+
+  ## From ruby-security-ann post
+
+  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address
+    CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.
+
+  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a
+    fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed
+    at https://github.com/sparklemotion/nekohtml.
+cvss_v2: 5.0
+cvss_v3: 7.5
+related:
+  ghsa:
+    - gx8x-g87m-h5q6
+  url:
+    - https://nvd.nist.gov/vuln/detail/cve-2022-24839
+    - https://github.com/sparklemotion/nekohtml/releases/tag/1.9.22.noko2
+    - https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
+    - https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
+    - https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
+notes: |
+  - NOTE: patch is in "1.9.22.noko2" release but not found on https://rubygems.org/gems/nekohtml.
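Review bot: The advisory carries no `patched_versions` or `unaffected_versions` entry, so a tool consuming this database will report every nekohtml version as vulnerable with no remediation range to point at. The `notes` line at the end explains why (the 1.9.22.noko2 fix exists only as a GitHub release, not on rubygems.org), but that reasoning should sit next to the absent field, e.g. `# patched_versions omitted: fix is only in the 1.9.22.noko2 GitHub release, not published to rubygems.org`, so a later editor does not fill in a range by guesswork. Separately, the top-level `ghsa:` is gx8x-g87m-h5q6 while `url:` points at GHSA-9849-p7jc-9rmv; if the former is the Nokogiri advisory and the latter the nekohtml-specific one, as the description suggests, `ghsa:` should probably name the nekohtml identifier and the Nokogiri one stay under `related:`.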