diff --git a/CHANGELOG.md b/CHANGELOG.md
index 843eb27eef0..ccbb40f2488 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -191,7 +191,7 @@
 
 ### Changed
 
-- [CVE-2023-40030](https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p):
+- 🚨 [CVE-2023-40030](https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p):
   Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports.
   To mitigate this, feature name validation check is now turned into a hard error.
   The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io,
@@ -326,7 +326,7 @@
 
 ### Fixed
 
-- [CVE-2023-38497](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87):
+- 🚨 [CVE-2023-38497](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87):
   Cargo 1.71.1 or later respects umask when extracting crate archives. It also
   purges the caches it tries to access if they were generated by older Cargo versions.
 
@@ -1005,7 +1005,7 @@
 ## Cargo 1.66.1 (2023-01-10)
 
 ### Fixed
-- [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j):
+- 🚨 [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j):
   Added validation of SSH host keys for git URLs.
   See [the docs](https://doc.rust-lang.org/cargo/appendix/git-authentication.html#ssh-known-hosts) for more information on how to configure the known host keys.
 
@@ -1231,11 +1231,11 @@
 
 ### Fixed
 
-- [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
+- 🚨 [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
   Extracting malicious crates can corrupt arbitrary files.
   [#11089](https://github.com/rust-lang/cargo/pull/11089)
   [#11088](https://github.com/rust-lang/cargo/pull/11088)
-- [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
+- 🚨 [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
   Extracting malicious crates can fill the file system.
   [#11089](https://github.com/rust-lang/cargo/pull/11089)
   [#11088](https://github.com/rust-lang/cargo/pull/11088)