diff --git a/rhel/vex/index.go b/rhel/vex/index.go
index c85f49da5..1465fc561 100644
--- a/rhel/vex/index.go
+++ b/rhel/vex/index.go
@@ -108,13 +108,20 @@ func newRemediationIndex() *remediationIndex {
 }
 // PopulateRemediations is the populate function for a remediationIndex.
+//
+// Only vendor_fix remediations are indexed, as these are the entries that carry
+// RHSA URLs.
 func populateRemediations(m map[string]*csaf.RemediationData, doc *csaf.CSAF) {
 for i := range doc.Vulnerabilities {
- v := &doc.Vulnerabilities[i]
- for i := range v.Remediations {
- r := &v.Remediations[i]
+ for j := range doc.Vulnerabilities[i].Remediations {
+ r := &doc.Vulnerabilities[i].Remediations[j]
+ if r.Category != "vendor_fix" {
+ continue
+ }
 for _, id := range r.ProductIDs {
- m[id] = r
+ if _, exists := m[id]; !exists {
+ m[id] = r
+ }
 }
 }
 }
 }
diff --git a/rhel/vex/parser.go b/rhel/vex/parser.go
index 0e11a6730..241d1661c 100644
--- a/rhel/vex/parser.go
+++ b/rhel/vex/parser.go
@@ -171,7 +171,9 @@ func (p *Parser) parseDoc(ctx context.Context, doc []byte) (string, []*claircore
 }
 }
 }
- links = append(links, creator.docLink)
+ if creator.docLink != "" {
+ links = append(links, creator.docLink)
+ }
 var desc string
 for _, n := range v.Notes {
@@ -736,9 +738,9 @@ func (c *creator) knownAffectedVulnerabilities(ctx context.Context, v *csaf.Vuln
 vuln.Repo = c.rc.Get(st.WFN, repoKey)
 }
- // Append VEX product ID as URL fragment to the last link for downstream comparison.
- if vuln.Links != "" {
- vuln.Links = vuln.Links + "#" + url.PathEscape(st.ID)
+ // Embed VEX product ID as a URL fragment on the VEX document self-link for downstream comparison.
+ if c.docLink != "" {
+ vuln.Links = strings.Replace(vuln.Links, c.docLink, c.docLink+"#"+url.PathEscape(st.ID), 1)
 }
 }
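Review bot: The new doc comment on populateRemediations explains the vendor_fix filter but not the other behaviour change in this hunk: `if _, exists := m[id]; !exists` makes the first remediation seen for a product ID win, where the old `m[id] = r` let the last one overwrite. If a product ID is listed under more than one vendor_fix entry, the later RHSA URL is now dropped silently, so the policy should be stated, e.g. `// When a product ID appears in several vendor_fix entries, the first one encountered is kept.` The comment also still opens with `PopulateRemediations` although the function is `populateRemediations`.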
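Review bot: `strings.Replace(vuln.Links, c.docLink, …, 1)` matches c.docLink as a substring of the whole link string, so the fragment lands inside whichever earlier entry happens to contain that text, and nothing is changed when the self-link is absent, whereas the removed code always tagged the last link. The same three lines are repeated in the hunks at -879 and -993; a small helper that compares whole entries would keep the three call sites identical and make the no-match case explicit. The sketch below assumes vuln.Links is a space-separated list, which is what the `" " + rem.URL` append in the later hunks suggests; how Links is assembled is outside this hunk. knownAffectedVulnerabilities starts and ends outside the hunk.

```go
// … unchanged: vuln.Repo assignment …
vuln.Links = withProductFragment(vuln.Links, c.docLink, st.ID)

// withProductFragment appends "#"+escaped productID to the entry of links that
// equals docLink exactly and leaves every other entry untouched.
func withProductFragment(links, docLink, productID string) string {
	if docLink == "" {
		return links
	}
	entries := strings.Split(links, " ")
	for i, l := range entries {
		if l == docLink {
			entries[i] = l + "#" + url.PathEscape(productID)
			break
		}
	}
	return strings.Join(entries, " ")
}
```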
@@ -879,14 +881,14 @@ func (c *creator) fixedVulnerabilities(ctx context.Context, v *csaf.Vulnerabilit
 default:
 panic("unreachable")
 }
- // Find remediations and add RHSA URL to links.
+ // Embed VEX product ID as a URL fragment on the VEX document self-link for downstream comparison.
+ if c.docLink != "" {
+ vuln.Links = strings.Replace(vuln.Links, c.docLink, c.docLink+"#"+url.PathEscape(st.ID), 1)
+ }
+ // Append RHSA URL after the VEX self-link.
 if rem := st.Remediation; rem != nil {
 vuln.Links = vuln.Links + " " + rem.URL
 }
- // Append VEX product ID as URL fragment to the last link for downstream comparison.
- if vuln.Links != "" {
- vuln.Links = vuln.Links + "#" + url.PathEscape(st.ID)
- }
 commit(key, vuln)
 }
@@ -993,14 +995,14 @@ func (c *creator) knownNotAffectedVulnerabilities(ctx context.Context, v *csaf.V
 default:
 panic("unreachable")
 }
- // Find remediations and add RHSA URL to links.
+ // Embed VEX product ID as a URL fragment on the VEX document self-link for downstream comparison.
+ if c.docLink != "" {
+ vuln.Links = strings.Replace(vuln.Links, c.docLink, c.docLink+"#"+url.PathEscape(st.ID), 1)
+ }
+ // Append RHSA URL after the VEX self-link.
 if rem := st.Remediation; rem != nil {
 vuln.Links = vuln.Links + " " + rem.URL
 }
- // Append VEX product ID as URL fragment to the last link for downstream comparison.
- if vuln.Links != "" {
- vuln.Links = vuln.Links + "#" + url.PathEscape(st.ID)
- }
 commit(key, vuln)
 }
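Review bot: The RHSA append `vuln.Links = vuln.Links + " " + rem.URL` is now the last write to Links before `commit` and still adds the separator unconditionally, so an empty vuln.Links or an empty rem.URL leaves a leading or trailing space in the stored value. An empty Links looks reachable now that parseDoc skips an empty docLink, though how Links is built is outside this hunk. Consider `if rem := st.Remediation; rem != nil && rem.URL != "" {` with `vuln.Links = strings.TrimSpace(vuln.Links + " " + rem.URL)`; the same lines appear in the hunk at -993. fixedVulnerabilities begins before this hunk.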