diff --git a/ossa/OSSA-2020-003.yaml b/ossa/OSSA-2020-003.yaml index be6c83b..64457ae 100644 --- a/ossa/OSSA-2020-003.yaml +++ b/ossa/OSSA-2020-003.yaml @@ -10,17 +10,20 @@ description: > sniff the auth header, then use it to reissue an openstack token an unlimited number of times. +errata: > + CVE-2020-12692 was assigned after the original publication date. + affected-products: - product: keystone version: '<15.0.1, ==16.0.0' vulnerabilities: - - cve-id: Pending + - cve-id: CVE-2020-12692 reporters: - name: kay reported: - - CVE Pending + - CVE-2020-12692 issues: links: @@ -45,3 +48,7 @@ reviews: notes: - The stable/rocky branch is under extended maintenance and will receive no new point releases, but a patch for it is provided as a courtesy. + +errata_history: + - 2020-05-07 - Errata 1 + - 2020-05-06 - Original Version \ No newline at end of file diff --git a/ossa/OSSA-2020-004.yaml b/ossa/OSSA-2020-004.yaml index 8a1768f..9b1ff38 100644 --- a/ossa/OSSA-2020-004.yaml +++ b/ossa/OSSA-2020-004.yaml 
@@ -9,28 +9,33 @@ description: > Any authenticated user could create an EC2 credential for themselves for a project that they have a specified role on, then perform an update to the credential user and project, allowing them to masquerade as - another user. (CVE #1 PENDING) + another user. (CVE-2020-12691) Any authenticated user within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on - a limited viewer role. (CVE #2 PENDING) + a limited viewer role. (CVE-2020-12689) Both of these vulnerabilities potentially allow a malicious user to act as admin on a project that another user has the admin role on, which can effectively grant the malicious user global admin privileges. +errata: > + CVE-2020-12689 and CVE-2020-12691 were assigned after the original publication date. + affected-products: - product: keystone version: '<15.0.1, ==16.0.0' vulnerabilities: - - cve-id: Pending + - cve-id: CVE-2020-12689 + - cve-id: CVE-2020-12691 reporters: - name: kay reported: - - CVE Pending + - CVE-2020-12689 + - CVE-2020-12691 issues: links: @@ -56,3 +61,7 @@ reviews: notes: - The stable/rocky branch is under extended maintenance and will receive no new point releases, but a patch for it is provided as a courtesy. + +errata_history: + - 2020-05-07 - Errata 1 + - 2020-05-06 - Original Version diff --git a/ossa/OSSA-2020-005.yaml b/ossa/OSSA-2020-005.yaml index 2dc5dd5..3e258c1 100644 --- a/ossa/OSSA-2020-005.yaml +++ b/ossa/OSSA-2020-005.yaml @@ -13,17 +13,20 @@ description: > having more role assignments than the creator intended, possibly giving unintended escalated access. +errata: > + CVE-2020-12690 was assigned after the original publication date. + affected-products: - product: keystone version: '<15.0.1, ==16.0.0' vulnerabilities: - - cve-id: Pending + - cve-id: CVE-2020-12690 reporters: - name: kay reported: - - CVE Pending + - CVE-2020-12690 issues: links: 
@@ -48,3 +51,7 @@ reviews: notes: - The stable/rocky branch is under extended maintenance and will receive no new point releases, but a patch for it is provided as a courtesy. + +errata_history: + - 2020-05-07 - Errata 1 + - 2020-05-06 - Original Version \ No newline at end of file
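Review bot: In the last hunk of OSSA-2020-003 (and the matching hunk of OSSA-2020-005) the new `errata_history` block ends without a trailing newline, as the `\ No newline at end of file` marker shows, while the same block in OSSA-2020-004 ends with one; add the final newline to 003 and 005 so the three advisories are consistent and tools that expect POSIX text files do not flag them. While touching those lines, consider naming the key `errata-history` to match the hyphenated keys already used in these files (`affected-products`, `cve-id`) rather than introducing an underscore style.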
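Review bot: In the OSSA-2020-004 description hunk the CVEs are introduced as `(CVE-2020-12691)` for the credential-update masquerade issue and then `(CVE-2020-12689)` for the limited-scope escalation, but the `vulnerabilities:` and `reported:` lists in the same file order them `CVE-2020-12689`, `CVE-2020-12691`; either list them in the order the description introduces them or keep the numeric order in both places, so a reader can map each identifier to its issue without cross-checking. The folded `errata:` text only states that both CVEs were assigned after publication; it does not need to repeat the mapping, but the ordering should at least agree.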