diff --git a/2021/26xxx/CVE-2021-26919.json b/2021/26xxx/CVE-2021-26919.json
index 3b2d0d9bede..6ff38a63d9a 100644
--- a/2021/26xxx/CVE-2021-26919.json
+++ b/2021/26xxx/CVE-2021-26919.json
@@ -94,6 +94,11 @@
                 "refsource": "MLIST",
                 "name": "[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919",
                 "url": "https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919",
+                "url": "https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E"
             }
         ]
     },
diff --git a/2021/28xxx/CVE-2021-28834.json b/2021/28xxx/CVE-2021-28834.json
index e6a202de5fa..5b03091965a 100644
--- a/2021/28xxx/CVE-2021-28834.json
+++ b/2021/28xxx/CVE-2021-28834.json
@@ -81,6 +81,11 @@
                 "refsource": "FEDORA",
                 "name": "FEDORA-2021-edc673e864",
                 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJCJVYHPY6LNUFM6LYZIAUIYOMVT5QGV/"
+            },
+            {
+                "refsource": "DEBIAN",
+                "name": "DSA-4890",
+                "url": "https://www.debian.org/security/2021/dsa-4890"
             }
         ]
     }