diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
index 79b2b09a762c5..df88c8920d2c3 100644
--- a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
+++ b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -102,10 +102,14 @@ class VulnerableCode(override val descriptor: PluginDescriptor, config: Vulnerab
         chunks.forEachIndexed { index, chunk ->
             runCatching {
                 val chunkVulnerabilities = service.getPackageVulnerabilities(PackagesWrapper(chunk)).filter {
-                    it.affectedByVulnerabilities.isNotEmpty()
+                    // ORT does not currently distinguish between vulnerabilities for which no fix is available at all
+                    // and those that have been fixed already (in a later version of the same package).
+                    it.affectedByVulnerabilities.isNotEmpty() || it.fixingVulnerabilities.isNotEmpty()
                 }
 
-                allVulnerabilities += chunkVulnerabilities.associate { it.purl to it.affectedByVulnerabilities }
+                allVulnerabilities += chunkVulnerabilities.associate {
+                    it.purl to (it.affectedByVulnerabilities + it.fixingVulnerabilities)
+                }
             }.onFailure {
                 // Create dummy entries for all packages in the chunk as the current data model does not allow to return
                 // issues that are not associated to any package.
diff --git a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
index e27ccbd881281..87e3f14b9f3cc 100644
--- a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
+++ b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
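Review bot: Folding `fixingVulnerabilities` into the per-purl list on the new `associate` line reports a package version as affected by vulnerabilities that, in the VulnerableCode response, it is the version that fixes, so an already-patched dependency surfaces the same finding as an unpatched one. As far as is visible here the resulting entries carry no marker of which list they came from, so downstream policy rules cannot filter this false-positive class. If the data model cannot express "fixed in this version" yet, the inline comment should say so as a tracked limitation, e.g. `// TODO: Model the fixed/unfixed distinction instead of reporting fixing versions as affected.`, and the advisor documentation should state that results now include fixed-in-this-version entries. If the same vulnerability ID can appear in both lists for one package (not determinable from the hunk), the plain list concatenation will duplicate it, which `.distinct()` on the concatenated list would guard. The enclosing function starts before and ends after the hunk.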
@@ -147,6 +147,18 @@ class VulnerableCodeTest : WordSpec({
                         vector = null
                     )
                 )
+            ),
+            Vulnerability(
+                id = "CVE-2009-2459",
+                references = listOf(
+                    VulnerabilityReference(
+                        URI("https://nvd.nist.gov/vuln/detail/CVE-2014-8242"),
+                        scoringSystem = "cvssv3.1",
+                        severity = "MEDIUM",
+                        score = 6.0f,
+                        vector = null
+                    )
+                )
             )
         )
 
         strutsResult.vulnerabilities should containExactlyInAnyOrder(expStrutsVulnerabilities)
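Review bot: The added expected entry pairs `id = "CVE-2009-2459"` with a reference URI for CVE-2014-8242, which reads like a copy-paste slip unless it deliberately mirrors a recorded fixture response; either way a one-line comment would settle it, e.g. `// Reference intentionally points at a different CVE, mirroring the recorded response.`. The assertion still only checks the union of both lists, so it would pass equally if this entry came from `affectedByVulnerabilities`; a comment naming which fixture list the vulnerability originates from would make the intent of the change verifiable. The enclosing test case starts before and ends after the hunk.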