diff --git a/registry/package.proto b/registry/package.proto
index 8d4c9c5..3e4da51 100644
--- a/registry/package.proto
+++ b/registry/package.proto
@@ -58,6 +58,9 @@ message SecurityAdvisory {
   optional float cvss_score = 5;
   // OSV API URL for the advisory
   required string api_url = 6;
+  // Other identifiers for the same vulnerability (e.g. a CVE id when the
+  // primary id is a GHSA id, or vice versa).
+  repeated string aliases = 7;
 }
 
 enum AdvisorySeverity {