diff --git a/docs/images/icons/security.svg b/docs/images/icons/security.svg new file mode 100644 index 0000000000000..1452740a4f93d --- /dev/null +++ b/docs/images/icons/security.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/manifest.json b/docs/manifest.json index f681b509a0ed1..f73efa4a9957b 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -825,6 +825,19 @@ "path": "cli/version.md" } ] + }, + { + "title": "Security", + "description": "Security advisories", + "path": "./security/index.md", + "icon_path": "./images/icons/security.svg", + "children": [ + { + "title": "API tokens of deleted users not invalidated", + "description": "Fixed in v0.23.0 (Apr 25, 2023)", + "path": "./security/0001_user_apikeys_invalidation.md" + } + ] } ] } diff --git a/docs/security/0001_user_apikeys_invalidation.md b/docs/security/0001_user_apikeys_invalidation.md new file mode 100644 index 0000000000000..e47a5a89d72ba --- /dev/null +++ b/docs/security/0001_user_apikeys_invalidation.md 
@@ -0,0 +1,68 @@ +# API Tokens of deleted users not invalidated + +--- + +## Summary + +Coder identified an issue in [https://github.com/coder/coder](https://github.com/coder/coder) where API tokens belonging to a deleted user were not invalidated. A deleted user in possession of a valid and non-expired API token is still able to use the above token with their full suite of capabilities. + +## Impact: HIGH + +If exploited, an attacker could perform any action that the deleted user was authorized to perform. + +## Exploitability: HIGH + +The CLI writes the API key to `~/.coderv2/session` by default, so any deleted user who previously logged in via the Coder CLI has the potential to exploit this. Note that there is a time window for exploitation; API tokens have a maximum lifetime after which they are no longer valid. + +The issue only affects users who were active (not suspended) at the time they were deleted. Users who were first suspended and later deleted cannot exploit this issue. + +## Affected Versions + +All versions of Coder between v0.8.15 and v0.22.2 (inclusive) are affected. + +All customers are advised to upgrade to [v0.23.0](https://github.com/coder/coder/releases/tag/v0.23.0) as soon as possible. + +## Details + +Coder incorrectly failed to invalidate API keys belonging to a user when they were deleted. When authenticating a user via their API key, Coder incorrectly failed to check whether the API key corresponds to a deleted user. + +## Indications of Compromise + +> 💡 Automated remediation steps in the upgrade purge all affected API keys. Either perform the following query before upgrade or run it on a backup of your database from before the upgrade. 
+ +Execute the following SQL query: + +```sql +SELECT + users.email, + users.updated_at, + api_keys.id, + api_keys.last_used +FROM + users +LEFT JOIN + api_keys +ON + api_keys.user_id = users.id +WHERE + users.deleted +AND + api_keys.last_used > users.updated_at +; +``` + +If the output is similar to the below, then you are not affected: + +```sql +----- +(0 rows) +``` + +Otherwise, the following information will be reported: + +- User email +- Time the user was last modified (i.e. deleted) +- User API key ID +- Time the affected API key was last used + +> 💡 If your license includes the [Audit Logs](https://coder.com/docs/v2/latest/admin/audit-logs#filtering-logs) feature, you can then query all actions performed by the above users by using the filter `email:$USER_EMAIL`. diff --git a/docs/security/index.md b/docs/security/index.md new file mode 100644 index 0000000000000..76d2d069e657e --- /dev/null +++ b/docs/security/index.md @@ -0,0 +1,15 @@ +# Security Advisories + +> If you discover a vulnerability in Coder, please do not hesitate to report it to us by following the instructions [here](https://github.com/coder/coder/blob/main/SECURITY.md). + +From time to time, Coder employees or other community members may discover vulnerabilities in the product. + +If a vulnerability requires an immediate upgrade to mitigate a potential security risk, we will add it to the below table. + +Click on the description links to view more details about each specific vulnerability. + +--- + +| Description | Severity | Fix | Vulnerable Versions | +| ---------------------------------------------------------------------------------- | -------- | -------------------------------------------------------------- | ------------------- | +| [API tokens of deleted users not invalidated](./0001_user_apikeys_invalidation.md) | HIGH | [v0.23.0](https://github.com/coder/coder/releases/tag/v0.23.0) | v0.8.25 - v0.22.2 |
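Review bot: in the docs/manifest.json hunk, the child entry's description "Fixed in v0.23.0 (Apr 25, 2023)" is the only place in this patch that records the fix date; neither the advisory page nor the Fix column of the index table carries it. Put the date in the advisory itself (for example next to the v0.23.0 link under "Affected Versions") so the manifest text has a source to stay in sync with, rather than being the canonical record.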
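Review bot: in the docs/security/0001_user_apikeys_invalidation.md hunk, the indicator-of-compromise query uses `LEFT JOIN api_keys ... WHERE api_keys.last_used > users.updated_at`, which discards the NULL rows the LEFT JOIN would otherwise keep, so it behaves as an inner join; write `JOIN` so readers do not expect deleted users with no keys to appear. More importantly, the query treats `users.updated_at` as the deletion time ("Time the user was last modified (i.e. deleted)"), so any later write to the user row moves the timestamp forward and hides a key that was used between deletion and that write; state that assumption in the prose, and advise running the query against a pre-upgrade backup as the note already suggests, since the upgrade's own purge of affected keys is one such later write. Because `api_keys.last_used` holds only the most recent use, a hit proves post-deletion use but not how often; the pointer to the Audit Logs filter `email:$USER_EMAIL` is the right follow-up and could be stated as the way to enumerate the actions.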
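Review bot: in the docs/security/index.md hunk, the Vulnerable Versions cell reads `v0.8.25 - v0.22.2`, but the advisory in the same patch says "All versions of Coder between v0.8.15 and v0.22.2 (inclusive)"; one of the two lower bounds is a typo. Confirm which release introduced the bug and make the table and the advisory agree, and write the range in the same inclusive form in both places (the table's `-` does not say whether the endpoints are included).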