diff --git a/src/components/DataInput.vue b/src/components/DataInput.vue
index 108ab67a..23ad707b 100644
--- a/src/components/DataInput.vue
+++ b/src/components/DataInput.vue
@@ -159,6 +159,10 @@ const extractTargetsFromReport = (parsedReport: Version1OrVersion2) => {
     // validate report format
     if (
       !vulnerabilityTargets.every((i) => {
+        /* Trivy omits the Vulnerabilities array if there are no vulnerabilities,
+         * so we add it as an empty array to allow showing it in the UI report as empty. */
+        i.Vulnerabilities = i.Vulnerabilities || []
+
         const targetValid =
           i.Target && i.Vulnerabilities && Array.isArray(i.Vulnerabilities)
         const vulnerabilitiesValid = i.Vulnerabilities?.every((v) => {