diff --git a/vulnfeeds/cmd/nvd-cve-osv/main.go b/vulnfeeds/cmd/nvd-cve-osv/main.go
index 86d9cdd74f0..48fab3e01b3 100644
--- a/vulnfeeds/cmd/nvd-cve-osv/main.go
+++ b/vulnfeeds/cmd/nvd-cve-osv/main.go
@@ -219,7 +219,7 @@ func ReposFromReferences(CVE string, cache VendorProductToRepoMap, vp *VendorPro
 			// Also remove it if previously added under an acceptable tag.
 			maybeRemoveFromVPRepoCache(cache, vp, ref.Url)
 			Logger.Infof("[%s]: disregarding %q for %q due to a denied tag in %q", CVE, ref.Url, vp, ref.Tags)
-			break
+			continue
 		}
 		repo, err := cves.Repo(ref.Url)
 		if err != nil {
diff --git a/vulnfeeds/cves/versions_test.go b/vulnfeeds/cves/versions_test.go
index 0ee9df8ef1b..e0142b74b9a 100644
--- a/vulnfeeds/cves/versions_test.go
+++ b/vulnfeeds/cves/versions_test.go
@@ -597,6 +597,15 @@ func TestExtractGitCommit(t *testing.T) {
 				Fixed: "37deefd01f0875e133ea967122e3a5e421b8fcd9",
 			},
 		},
+		{
+			description:     "A GitHub repo that should be working (as seen on CVE-2021-23568)",
+			inputLink:       "https://github.com/eggjs/extend2/commit/aa332a59116c8398976434b57ea477c6823054f8",
+			inputCommitType: Fixed,
+			expectedAffectedCommit: AffectedCommit{
+				Repo:  "https://github.com/eggjs/extend2",
+				Fixed: "aa332a59116c8398976434b57ea477c6823054f8",
+			},
+		},
 	}
 
 	for _, tc := range tests {