diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 3773ed23dff..09733e404d5 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -3231,6 +3231,12 @@ No major updates to the crate here. Small updates to `unsafe` code which are
 refactorings of what was there prior.
 """
 
+[[audits.zstd]]
+who = "Jamey Sharp <jsharp@fastly.com>"
+criteria = "safe-to-deploy"
+violation = "<0.13.0"
+notes = "Buffer overrun fixed in https://github.com/gyscos/zstd-rs/pull/231"
+
 [[audits.zstd-safe]]
 who = "Alex Crichton <alex@alexcrichton.com>"
 criteria = "safe-to-deploy"
@@ -3241,6 +3247,12 @@ Does contain new unsafe code, notably an implementation of an internal trait for
 the standard library `io::Cursor` type.
 """
 
+[[audits.zstd-safe]]
+who = "Jamey Sharp <jsharp@fastly.com>"
+criteria = "safe-to-deploy"
+violation = "<7.0.0"
+notes = "Buffer overrun fixed in https://github.com/gyscos/zstd-rs/pull/231"
+
 [[trusted.aho-corasick]]
 criteria = "safe-to-deploy"
 user-id = 189 # Andrew Gallant (BurntSushi)