diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 00000000..3be1434d
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,9 @@
+[advisories]
+ignore = [
+  # `cargo audit` thinks we depend on `sqlx-mysql` and therefore `rsa`.
+  # We do not, as we do not enable the "mysql" feature for `sqlx`.
+  "RUSTSEC-2023-0071",
+  # `sqlx` may interpret a value larger than 4 GB as commands..
+  # We mitigate this by limiting the size of the request.
+  "RUSTSEC-2024-0363",
+]
diff --git a/flake.nix b/flake.nix
index c41ab316..7a96f6d3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -110,6 +110,7 @@
               pkgs.moreutils
 
               # Rust
+              pkgs.cargo-audit
               pkgs.cargo-edit
               pkgs.cargo-expand
               pkgs.cargo-flamegraph