diff --git a/opa/rego/external/osv.rego b/opa/rego/external/osv.rego
index 375ac0f6..5321f8da 100644
--- a/opa/rego/external/osv.rego
+++ b/opa/rego/external/osv.rego
@@ -273,6 +273,7 @@ advisories = {
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
 }],
 "cwe_ids": [],
+ "non_vulnerable_exact_versions": ["v4"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [">=4,<4.1.7"],
 "vulnerable_commit_shas": [],
diff --git a/opa/rego/rules/known_vulnerability_in_build_component.rego b/opa/rego/rules/known_vulnerability_in_build_component.rego
index 42202c02..1773262d 100644
--- a/opa/rego/rules/known_vulnerability_in_build_component.rego
+++ b/opa/rego/rules/known_vulnerability_in_build_component.rego
@@ -18,10 +18,13 @@ rule := poutine.rule(rego.metadata.chain())
 step_advisory(step) = advisory if {
 parts = split(step.uses, "@")
 action := parts[0]
- version := trim_left(parts[1], "v")
+ raw_version := parts[1]
+ version := trim_left(raw_version, "v")
 advisory := advisories[osv_id]
 advisory.package_name == action
+ not raw_version in advisory.non_vulnerable_exact_versions
+ regex.match("^[0-9]+(\\.[0-9]+)*?$", version)
 semver.constraint_check(advisory.vulnerable_version_ranges[_], version)
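Review bot: The new `non_vulnerable_exact_versions` entry holds the tag as written in `uses` (`"v4"`), but the rule hunk in known_vulnerability_in_build_component.rego compares it against `raw_version` before the `v` prefix is stripped while the range check runs on the stripped `version`, so a step pinned as `<action>@4` normalises to `4`, satisfies `>=4,<4.1.7` and is still flagged even though `@v4` is exempt, and the reason for exempting the bare `v4` tag (presumably that it resolves to a patched 4.x release) is not recorded anywhere in the data. If the list is meant to hold exact tags, add a comment on the new key such as `# tags (as written in 'uses') that must not be matched against vulnerable_version_ranges`; otherwise normalise both sides, e.g. `not version in {trim_left(t, "v") | t := advisory.non_vulnerable_exact_versions[_]}`. Separately, the added `regex.match("^[0-9]+(\\.[0-9]+)*?$", version)` gate means the rule no longer yields an advisory for any ref that is not a bare dotted number (a pre-release tag such as `v4.1.0-rc1` is skipped rather than reported), and its lazy `*?` directly before `$` behaves exactly like `*`, so `^[0-9]+(\\.[0-9]+)*$` reads clearer. The body of step_advisory continues past the shown hunk.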