diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 9bb0f4021..e756ec888 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -443,14 +443,17 @@ public class CveDB {
                 final String previous = rs.getString(3);
                 if (!cveEntries.contains(cveId) && isAffected(cpe.getVendor(), cpe.getProduct(), detectedVersion, cpeId, previous)) {
                     cveEntries.add(cveId);
+                    final Vulnerability v = getVulnerability(cveId);
+                    v.setMatchedCPE(cpeId, previous);
+                    vulnerabilities.add(v);
                 }
             }
             DBUtils.closeResultSet(rs);
             DBUtils.closeStatement(ps);
-            for (String cve : cveEntries) {
-                final Vulnerability v = getVulnerability(cve);
-                vulnerabilities.add(v);
-            }
+//            for (String cve : cveEntries) {
+//                final Vulnerability v = getVulnerability(cve);
+//                vulnerabilities.add(v);
+//            }
 
         } catch (SQLException ex) {
             throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex);