diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
index 5d020b934cc0..0f1f9281ad32 100644
--- a/meta/lib/oe/sbom30.py
+++ b/meta/lib/oe/sbom30.py
@@ -704,7 +704,8 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
         )
         return self.add(v)
 
-    def new_vex_patched_relationship(self, from_, to):
+    def new_vex_patched_relationship(self, from_, to, notes: None):
+        props = {'security_statusNotes': notes} if notes else {}
         return self._new_relationship(
             oe.spdx30.security_VexFixedVulnAssessmentRelationship,
             from_,
@@ -712,9 +713,11 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
             to,
             spdxid_name="vex-fixed",
             security_vexVersion=VEX_VERSION,
+            **props,
         )
 
-    def new_vex_unpatched_relationship(self, from_, to):
+    def new_vex_unpatched_relationship(self, from_, to, notes: None):
+        props = {'security_statusNotes': notes} if notes else {}
         return self._new_relationship(
             oe.spdx30.security_VexAffectedVulnAssessmentRelationship,
             from_,
@@ -723,9 +726,11 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
             spdxid_name="vex-affected",
             security_vexVersion=VEX_VERSION,
             security_actionStatement="Mitigation action unknown",
+            **props,
         )
 
-    def new_vex_ignored_relationship(self, from_, to, *, impact_statement):
+    def new_vex_ignored_relationship(self, from_, to, *, impact_statement, notes: None):
+        props = {'security_statusNotes': notes} if notes else {}
         return self._new_relationship(
             oe.spdx30.security_VexNotAffectedVulnAssessmentRelationship,
             from_,
@@ -734,6 +739,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
             spdxid_name="vex-not-affected",
             security_vexVersion=VEX_VERSION,
             security_impactStatement=impact_statement,
+            **props,
         )
 
     def import_bitbake_build_objset(self):
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index a071d85e10ea..ffedc1e25b59 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -724,7 +724,8 @@ def create_recipe_spdx(d):
 
             if status == "Patched":
                 spdx_vex = recipe_objset.new_vex_patched_relationship(
-                    [spdx_cve_id], [recipe]
+                    [spdx_cve_id], [recipe],
+                    notes=": ".join(v for v in (detail, description) if v)
                 )
                 patches = []
                 for idx, filepath in enumerate(resources):
@@ -749,12 +750,16 @@ def create_recipe_spdx(d):
                     )
 
             elif status == "Unpatched":
-                recipe_objset.new_vex_unpatched_relationship([spdx_cve_id], [recipe])
+                recipe_objset.new_vex_unpatched_relationship(
+                    [spdx_cve_id], [recipe],
+                    notes=": ".join(v for v in (detail, description) if v)
+                )
             elif status == "Ignored":
                 spdx_vex = recipe_objset.new_vex_ignored_relationship(
                     [spdx_cve_id],
                     [recipe],
                     impact_statement=description,
+                    notes=detail,
                 )
 
                 vex_just_type = d.getVarFlag("CVE_CHECK_VEX_JUSTIFICATION", detail)