diff --git a/reports/GO-2022-0379.yaml b/reports/GO-2022-0379.yaml
new file mode 100644
index 00000000..081ac7a1
--- /dev/null
+++ b/reports/GO-2022-0379.yaml
@@ -0,0 +1,22 @@
+packages:
+  - module: github.com/docker/distribution
+    symbols:
+      - UnmarshalManifest
+    versions:
+      - fixed: 2.8.0+incompatible
+    vulnerable_at: 2.7.1+incompatible
+description: |
+    Systems that rely on digest equivalence for image attestations may be
+    vulnerable to type confusion.
+
+    A maliciously crafted OCI Container Image can cause registry clients to
+    parse the same image in two different ways without modifying the image's
+    digest, invalidating the common pattern of relying on container image
+    digests for equivalence.
+
+    This problem has been addressed in newer versions by improving validation
+    in manifest unmarshaling.
+ghsas:
+  - GHSA-qq97-vm5h-rrhg
+links:
+  commit: https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586
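Review bot: The `versions` entry gives only `fixed: 2.8.0+incompatible` with no `introduced` bound, so the report marks every release before 2.8.0 as affected; if that is intentional it would help to say so in the description, otherwise add the first affected version (placeholder: `- introduced: <FIRST_AFFECTED_VERSION>`). The description also never says what "parse the same image in two different ways" means in terms of the listed symbol — a sentence such as `A manifest that is accepted as more than one media type by UnmarshalManifest can yield different parsed contents for one digest.` would tie the prose to the `symbols` entry, if that matches the fix commit (not visible here). Only the root-module symbol is listed; confirm against the linked commit whether sub-package unmarshalers were changed as well and should be added.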