diff --git a/.exiv2.metadata b/.exiv2.metadata
index e03e966..8b058fc 100644
--- a/.exiv2.metadata
+++ b/.exiv2.metadata
@@ -1 +1,3 @@
 ed620c568463179aca7847bee5fda40c11c08318 SOURCES/exiv2-0.27.4-Source.tar.gz
+8bfcbc41598e9377d5938fbc75d63db3e6bd9bc9 SOURCES/issue_ghsa_583f_w9pm_99r2_poc.jp2
+af7e1607f84dc143f09efaced2d6e05064238d4f SOURCES/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
diff --git a/.gitignore b/.gitignore
index 99c0a9e..c7dbcb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 SOURCES/exiv2-0.27.4-Source.tar.gz
+SOURCES/issue_ghsa_583f_w9pm_99r2_poc.jp2
+SOURCES/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
diff --git a/SOURCES/exiv2-CVE-2021-37618.patch b/SOURCES/exiv2-CVE-2021-37618.patch
index b658a39..ac3f866 100644
--- a/SOURCES/exiv2-CVE-2021-37618.patch
+++ b/SOURCES/exiv2-CVE-2021-37618.patch
@@ -1,3 +1,41 @@
+From f13ebca839e55d0c7ea1c7f57ae667c47fe9c0d5 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Mon, 5 Jul 2021 10:39:08 +0100
+Subject: [PATCH 1/2] Regression test for
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
+
+---
+ test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2   | Bin 0 -> 32768 bytes
+ .../github/test_issue_ghsa_583f_w9pm_99r2.py  |  18 ++++++++++++++++++
+ 2 files changed, 18 insertions(+)
+ create mode 100644 test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2
+ create mode 100644 tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
+
+diff --git a/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
+new file mode 100644
+index 000000000..808916aee
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
+@@ -0,0 +1,18 @@
++# -*- coding: utf-8 -*-
++
++from system_tests import CaseMeta, path, check_no_ASAN_UBSAN_errors
++
++class Jp2ImagePrintStructureICC(metaclass=CaseMeta):
++    """
++    Regression test for the bug described in:
++    https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
++    """
++    url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2"
++
++    filename = path("$data_path/issue_ghsa_583f_w9pm_99r2_poc.jp2")
++    commands = ["$exiv2 -p C $filename"]
++    stdout = [""]
++    stderr = ["""Exiv2 exception in print action for file $filename:
++$kerCorruptedMetadata
++"""]
++    retval = [1]
+
 From dbf472751fc8b87ea7d1de02f54eaf64233a2fb6 Mon Sep 17 00:00:00 2001
 From: Kevin Backhouse <kevinbackhouse@github.com>
 Date: Mon, 5 Jul 2021 10:40:03 +0100
diff --git a/SOURCES/exiv2-CVE-2021-37619.patch b/SOURCES/exiv2-CVE-2021-37619.patch
index 2572914..0dca35b 100644
--- a/SOURCES/exiv2-CVE-2021-37619.patch
+++ b/SOURCES/exiv2-CVE-2021-37619.patch
@@ -1,3 +1,41 @@
+From a7b920bdbde1ee15a1a470d743dbae69ee398c75 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 30 Jun 2021 16:47:12 +0100
+Subject: [PATCH 1/2] Regression test for
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+
+---
+ test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2   | Bin 0 -> 1692 bytes
+ .../github/test_issue_ghsa_mxw9_qx4c_6m8v.py  |  18 ++++++++++++++++++
+ 2 files changed, 18 insertions(+)
+ create mode 100644 test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
+ create mode 100644 tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
+
+diff --git a/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
+new file mode 100644
+index 0000000000..8f8b6676cf
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
+@@ -0,0 +1,18 @@
++# -*- coding: utf-8 -*-
++
++from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
++@CopyTmpFiles("$data_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
++
++class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
++    """
++    Regression test for the bug described in:
++    https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
++    """
++    url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v"
++
++    filename = path("$tmp_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
++    commands = ["$exiv2 rm $filename"]
++    stdout = [""]
++    retval = [0]
++
++    compare_stderr = check_no_ASAN_UBSAN_errors
+
 From 9be257340193dbe3fb810aa33531c40ae9df6414 Mon Sep 17 00:00:00 2001
 From: Kevin Backhouse <kevinbackhouse@github.com>
 Date: Wed, 30 Jun 2021 16:47:50 +0100
diff --git a/SPECS/exiv2.spec b/SPECS/exiv2.spec
index 6d31bab..29ac1a4 100644
--- a/SPECS/exiv2.spec
+++ b/SPECS/exiv2.spec
@@ -3,12 +3,16 @@ Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
 Version: 0.27.4
 %global internal_ver %{version}
-Release: 4%{?dist}
+Release: 5%{?dist}
 
 License: GPLv2+
 URL:     http://www.exiv2.org/
 Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
 
+# POC files for upstream issues
+Source1: issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
+Source2: issue_ghsa_583f_w9pm_99r2_poc.jp2
+
 ## upstream patches (lookaside cache)
 Patch1: exiv2-CVE-2021-37618.patch
 Patch2: exiv2-CVE-2021-37619.patch
@@ -69,6 +73,8 @@ BuildArch: noarch
 %prep
 %autosetup -n %{name}-%{version}-Source -p1
 
+cp %{SOURCE1} test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
+cp %{SOURCE2} test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2
 
 %build
 %{cmake} . \
@@ -121,6 +127,11 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 
 
 %changelog
+* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
+- Include missing tests for CVEs
+  Resolves: bz#1993282
+  Resolves: bz#1993245
+
 * Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
 - Fix test for CVE-2021-29470
   Resolves: bz#1993245