diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index f8af6b3df0..fcce19405b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -101,6 +101,20 @@ Be willing to comment on the good points and not just the things you want fixed
 	- Are there any omissions or gaps?
 	- Does it check for anomalies?
 
+## Security Advisory
+### For reporter
+Thank you for your reporting!
+
+If you can also create a patch to fix the vulnerability, please create a PR on the private fork.
+
+> ![note]
+> There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please follow the develop branch.
+
+### For misskey-dev member
+修正PRがdevelopに追従されていないとマージできないので、マージできなかったら
+> Could you merge or rebase onto upstream develop branch?
+などと伝える。
+
 ## Deploy
 The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment.
 ```