diff --git a/govulncheck/parse.go b/govulncheck/parse.go
index da523ac..b4771d2 100644
--- a/govulncheck/parse.go
+++ b/govulncheck/parse.go
@@ -47,6 +47,8 @@ type Fix struct {
 // to Fix. Only finding messages are considered; modules whose vulnerable
 // symbols are never called are not included. The Fix.Version field uses the
 // module's native version prefix: "v1.2.3".
+//
+//nolint:cyclop
 func Parse(r io.Reader) (map[string]Fix, error) {
 	dec := json.NewDecoder(r)
 
@@ -66,7 +68,7 @@ func Parse(r io.Reader) (map[string]Fix, error) {
 			osvs[msg.OSV.ID] = msg.OSV
 		}
 
-		if msg.Finding == nil || len(msg.Finding.Trace) == 0 {
+		if msg.Finding == nil || msg.Finding.FixedVersion == "" || len(msg.Finding.Trace) == 0 {
 			continue
 		}
 
diff --git a/govulncheck/parse_test.go b/govulncheck/parse_test.go
index a669cb2..4c0f500 100644
--- a/govulncheck/parse_test.go
+++ b/govulncheck/parse_test.go
@@ -89,6 +89,19 @@ func TestParse_MultipleVulnerabilities(t *testing.T) {
 	assert.Equal(t, "GO-2024-0005", fixes["example.com/bar"].OSVs[0].ID)
 }
 
+func TestParse_HandlesNoFix(t *testing.T) {
+	t.Parallel()
+
+	f, err := os.Open("testdata/module-no-fix.json")
+	require.NoError(t, err)
+	t.Cleanup(func() { _ = f.Close() })
+
+	fixes, err := govulncheck.Parse(f)
+
+	require.NoError(t, err)
+	assert.Empty(t, fixes)
+}
+
 func TestParse_OSVMetadata(t *testing.T) {
 	t.Parallel()
 
diff --git a/govulncheck/testdata/module-no-fix.json b/govulncheck/testdata/module-no-fix.json
new file mode 100644
index 0000000..150348e
--- /dev/null
+++ b/govulncheck/testdata/module-no-fix.json
@@ -0,0 +1,4 @@
+{"config":{"protocol_version":"v1.0.0","scanner_name":"govulncheck","scanner_version":"v1.3.0","db":"https://vuln.go.dev","scan_level":"symbol","scan_mode":"source"}}
+{"osv":{"id":"GO-2024-0001","aliases":["CVE-2024-12345","GHSA-aaaa-bbbb-cccc"],"summary":"Remote code execution via crafted input in example.com/foo","references":[{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2024-0001"},{"type":"WEB","url":"https://www.cve.org/CVERecord?id=CVE-2024-12345"}],"affected":[{"package":{"name":"example.com/foo","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.2.3"}]}]}]}}
+{"finding":{"osv":"GO-2024-0001","trace":[{"module":"example.com/foo","version":"v1.0.0"}]}}
+