diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..3914591
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.8.x   | :white_check_mark: |
+| 0.7.x   | :x:                |
+| < 0.7   | :x:                |
+
+## Reporting a Vulnerability
+
+Just create an issue or pull request on Github.
+
+> The vulnerability has to be a part of the basic installment e.g. when install by `npm install flexsearch`.
+> Every vulnerability which is included by any of the `devDependencies` probably won't be fixed.