diff --git a/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js b/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js
index b4ce99219c7..e2394e57172 100644
--- a/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js
+++ b/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js
@@ -192,11 +192,12 @@ function buildDependencyChains(auditReport, name) {
 }
 if (auditReport.has(node.name)) {
 const vuln = auditReport.get(node.name)
- if (!vuln.isVulnerable(node)) {
- // This is a non-vulnerable version of the dependency; end path.
+ if (vuln.isVulnerable(node)) {
+ return [{ fixAvailable: vuln.fixAvailable, nodes: [node, ...chain.nodes] }]
+ } else if (node.name == name) {
+ // This is a non-vulnerable version of the advisory dependency; end path.
 return []
 }
- return [{ fixAvailable: vuln.fixAvailable, nodes: [node, ...chain.nodes] }]
 }
 if (!node.edgesOut.size) {
 // This is a leaf node that is unaffected by the vuln; end path.
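Review bot: The third case introduced inside `if (auditReport.has(node.name))` is silent: a node that is in the audit report, is not vulnerable, and is not the advisory dependency now falls out of the block and traversal continues, with no comment saying this is intended. Because this decides which dependency chains are reported for an advisory, I would document it after the `else if` branch, for example `// Non-vulnerable version of a different package in the report: keep walking, it may still depend on a vulnerable version of the advisory dependency.` The comparison should also be strict, and the `else` after a `return` is redundant: `if (node.name === name) {`. buildDependencyChains starts and ends outside this hunk, so I cannot tell from here whether the walk guards against revisiting nodes; since more paths now continue instead of ending, that is worth confirming.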