diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index e3e5dbc742..e20bb0c86f 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -498,6 +498,16 @@ def create_spdx(d):
     # Add CVEs
     cve_by_status = {}
     if include_vex != "none":
+        for cve in oe.cve_check.get_patched_cves(d):
+            spdx_cve = build_objset.new_cve_vuln(cve)
+            build_objset.set_element_alias(spdx_cve)
+
+            cve_by_status.setdefault("Patched", {})[cve] = (
+                spdx_cve,
+                "patched",
+                "",
+            )
+
         for cve in d.getVarFlags("CVE_STATUS") or {}:
             decoded_status = oe.cve_check.decode_cve_status(d, cve)