diff --git a/lib/workers/repository/init/vulnerability.js b/lib/workers/repository/init/vulnerability.js
index 5c38bcbb4bef1a9ee22423b83f0fe3d216e3aec0..65075fcc33777537cfe28a0bf8d6b96b76eed6b6 100644
--- a/lib/workers/repository/init/vulnerability.js
+++ b/lib/workers/repository/init/vulnerability.js
@@ -27,6 +27,13 @@ async function detectVulnerabilityAlerts(input) {
 if (alert.dismissReason) {
 continue; // eslint-disable-line no-continue
 }
+ if (!alert.securityVulnerability.firstPatchedVersion) {
+ logger.info(
+ { alert },
+ 'Vulnerability alert has no firstPatchedVersion - skipping'
+ );
+ continue; // eslint-disable-line no-continue
+ }
 const managerMapping = {
 MAVEN: 'maven',
 NPM: 'npm',
diff --git a/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap b/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap
index df5ba3d4893ac0992b066e5dbe53515cccd554ad..88cf06aab388d74154a61ef341c0277dc7eb3d6c 100644
--- a/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap
+++ b/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap
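Review bot: The new guard dereferences `alert.securityVulnerability.firstPatchedVersion` without first checking that `securityVulnerability` itself is present, so an alert payload that omits that object would throw and abort the whole loop instead of being skipped the way the `dismissReason` case just above it is; a truthiness test on the object also lets through a `firstPatchedVersion` whose `identifier` is missing or empty, which is the field the spec fixture shows it carrying and presumably what the later version handling relies on (that code is outside the hunk, so confirm). A stricter form is `const { securityVulnerability } = alert;` followed by `if (!securityVulnerability || !securityVulnerability.firstPatchedVersion || !securityVulnerability.firstPatchedVersion.identifier) {`, leaving the rest of the branch unchanged. Logging the full `alert` object at info level is noisy; `{ package: alert.securityVulnerability.package }` would still identify which dependency was skipped with far less output. A skipped alert here is still a live vulnerability with no fix available and this log line is its only trace, so consider `logger.warn` rather than `logger.info` so it is not lost among routine output. `detectVulnerabilityAlerts` begins before the hunk and continues after it.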
@@ -63,9 +63,6 @@ Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 "#### [CVE-2017-7481](https://nvd.nist.gov/vuln/detail/CVE-2017-7481) Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", - "#### [CVE-2016-3096](https://nvd.nist.gov/vuln/detail/CVE-2016-3096) - -The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", "#### [CVE-2015-3908](https://nvd.nist.gov/vuln/detail/CVE-2015-3908) Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", 
@@ -96,9 +93,6 @@ Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validati "#### [CVE-2017-7481](https://nvd.nist.gov/vuln/detail/CVE-2017-7481) Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", - "#### [CVE-2016-3096](https://nvd.nist.gov/vuln/detail/CVE-2016-3096) - -The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", "#### [CVE-2015-3908](https://nvd.nist.gov/vuln/detail/CVE-2015-3908) Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
diff --git a/test/workers/repository/init/vulnerability.spec.js b/test/workers/repository/init/vulnerability.spec.js
index e2321af3abe9a50a56baab1e8e2582ad9dc6ba53..a251da79f0b8719d7e691186fe6b3b88ff12b6c1 100644
--- a/test/workers/repository/init/vulnerability.spec.js
+++ b/test/workers/repository/init/vulnerability.spec.js
@@ -119,7 +119,6 @@ describe('workers/repository/init/vulnerability', () => {
 },
 securityVulnerability: {
 package: { name: 'ansible', ecosystem: 'PIP' },
- firstPatchedVersion: { identifier: '1.9.6.1' },
 vulnerableVersionRange: '< 1.9.6.1',
 },
 },