diff --git a/gems/devise/CVE-2019-5421.yml b/gems/devise/CVE-2019-5421.yml new file mode 100644 index 0000000000..d52cea1973 --- /dev/null +++ b/gems/devise/CVE-2019-5421.yml @@ -0,0 +1,13 @@ +--- +gem: devise +cve: 2019-5421 +url: https://github.com/plataformatec/devise/issues/4981 +title: Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module +date: 2019-02-07 +description: | + Devise ruby gem before 4.6.0 when the `lockable` module is used is vulnerable to a + time-of-check time-of-use (TOCTOU) race condition due to `increment_failed_attempts` + within the `Devise::Models::Lockable` class not being concurrency safe. + +patched_versions: + - ">= 4.6.0"
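Review bot: The `description` block in this hunk names only the root cause (`increment_failed_attempts` in `Devise::Models::Lockable` not being concurrency safe) and never states the security impact, so a consumer of the advisory cannot tell what the TOCTOU race lets a caller do; since this file is the user-facing record, add a sentence after the existing `not being concurrency safe.` line spelling out the consequence for applications relying on the `lockable` module (what protection the race undermines), keeping it consistent with the linked issue at `https://github.com/plataformatec/devise/issues/4981`. Also consider whether the entry should carry a severity field alongside `patched_versions`, as other advisories in this database do when one is available, so that tooling can rank it.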