diff --git a/pkgs/development/libraries/botan/default.nix b/pkgs/development/libraries/botan/default.nix
index 8bcc6aaa8efb..c494fa25f771 100644
--- a/pkgs/development/libraries/botan/default.nix
+++ b/pkgs/development/libraries/botan/default.nix
@@ -9,4 +9,8 @@ callPackage ./generic.nix (args // {
   postPatch = ''
     sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
   '';
+  knownVulnerabilities = [
+    # https://botan.randombit.net/security.html#id1
+    "2020-03-24: Side channel during CBC padding"
+  ];
 })
diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix
index 33f9daf7b50f..2fc5abc2928a 100644
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@@ -4,6 +4,7 @@
 , sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
 , postPatch ? null
+, knownVulnerabilities ? [ ]
 , CoreServices
 , Security
 , ...
@@ -49,6 +50,7 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ raskin ];
     platforms = platforms.unix;
     license = licenses.bsd2;
+    inherit knownVulnerabilities;
   };
   passthru.updateInfo.downloadPage = "http://files.randombit.net/botan/";
 }