Announce CVE-2023-46604
diff --git a/src/security-advisories.data/CVE-2023-46604-announcement.txt b/src/security-advisories.data/CVE-2023-46604-announcement.txt
new file mode 100644
index 0000000..97f4b80
--- /dev/null
+++ b/src/security-advisories.data/CVE-2023-46604-announcement.txt
@@ -0,0 +1,25 @@
+Affected versions:
+
+- Apache ActiveMQ 5.18.0 before 5.18.3
+- Apache ActiveMQ 5.17.0 before 5.17.6
+- Apache ActiveMQ 5.16.0 before 5.16.7
+- Apache ActiveMQ before 5.15.16
+- Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
+- Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
+- Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
+- Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
+
+Description:
+
+Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
+
+Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
+
+This issue is being tracked as AMQ-9370
+
+References:
+
+https://activemq.apache.org/security-advisories.data/CVE-2023-46604
+https://activemq.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2023-46604
+https://issues.apache.org/jira/browse/AMQ-9370
