diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
new file mode 100644
index 0000000000..ee1fadf7e0
--- /dev/null
+++ b/gems/loofah/CVE-2018-8048.yml
@@ -0,0 +1,12 @@
+---
+gem: loofah
+osvdb: 2018-8048
+url: https://github.com/flavorjones/loofah/issues/144
+title: Loofah XSS Vulnerability
+date: 2018-03-16
+
+description: |
+  Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
+
+patched_versions:
+  - ">=  2.2.1"