diff --git a/gatsby/src/pages/security-disclosure-policy.js b/gatsby/src/pages/security-disclosure-policy.js
index c9f22e415..ba4d5b8d6 100644
--- a/gatsby/src/pages/security-disclosure-policy.js
+++ b/gatsby/src/pages/security-disclosure-policy.js
@@ -9,6 +9,13 @@ import config from '../../config'
 
 const HallOfFame = () => {
     const hallOfFameEntries = [
+        {
+            date:'2020-09-20',
+            who: 'Denis Kasak',
+            profile: '/~https://github.com/dkasak',
+            description: 'HTML injection in login fallback endpoints could be used for a Cross-site-scripting attack (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891">CVE-2020-26891</a>). Fixed in Synapse 1.21.0.',
+            service: "Synapse"
+        },
         {
             date:'2020-09-09',
             who: 'Pritam Mukherjee',