diff --git a/_posts/2018-03-23-MISP.2.4.89.released.md b/_posts/2018-03-23-MISP.2.4.89.released.md index 3cf635c..cb1c1fc 100755 --- a/_posts/2018-03-23-MISP.2.4.89.released.md +++ b/_posts/2018-03-23-MISP.2.4.89.released.md @@ -20,8 +20,8 @@ The API was significantly improved including changes such as attribute UUID in a Two security bugs were fixed: -- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules. -- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set. +- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules. [CVE-2018-8948](https://cve.circl.lu/cve/CVE-2018-8948) +- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set. [CVE-2018-8949](https://cve.circl.lu/cve/CVE-2018-8949) Another important fix was applied to the object handler to remedy a situation where under specific conditions could be overwritten. A recovery tool has been added in the diagnostics page.
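Review bot: In both added bullets the CVE link is appended after the sentence's closing full stop with no separator, so the rendered text ends in a dangling reference ("... malicious expansion modules. CVE-2018-8948"). Consider folding the reference into the sentence, for example "... malicious expansion modules ([CVE-2018-8948](https://cve.circl.lu/cve/CVE-2018-8948))." and likewise for CVE-2018-8949, so each fix and its identifier read as one statement. While this paragraph is being touched, the trailing context line "where under specific conditions could be overwritten" has no subject; the release note should say what could be overwritten, since that is the detail an operator needs to decide whether to run the recovery tool mentioned in the next sentence.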