diff --git a/cmd/vulnreport/creator.go b/cmd/vulnreport/creator.go
index 89eb037b..b248e908 100644
--- a/cmd/vulnreport/creator.go
+++ b/cmd/vulnreport/creator.go
@@ -195,10 +195,7 @@ func (c *creator) reportFromMeta(ctx context.Context, meta *reportMeta) error {
 	default:
 		// Regular, full-length reports.
 		addTODOs(r)
-		xrefs, err := c.xref(r)
-		if err != nil {
-			log.Warnf("%s: could not get cross-references: %s", r.ID, err)
-		} else if len(xrefs) != 0 {
+		if xrefs := c.xref(r); len(xrefs) != 0 {
 			log.Infof("%s: found cross-references: %s", r.ID, xrefs)
 		}
 	}
diff --git a/cmd/vulnreport/xref.go b/cmd/vulnreport/xref.go
index 1d8af8bd..ce389c0c 100644
--- a/cmd/vulnreport/xref.go
+++ b/cmd/vulnreport/xref.go
@@ -41,13 +41,8 @@ func (x *xref) close() error { return nil }
 // for the same CVE, GHSA, or module.
 func (x *xref) run(ctx context.Context, input any) (err error) {
 	r := input.(*yamlReport)
-
 	vlog.Out(r.filename)
-	xrefs, err := x.xref(r)
-	if err != nil {
-		return err
-	}
-	vlog.Out(xrefs)
+	vlog.Out(x.xref(r))
 	return nil
 }
 
@@ -68,7 +63,7 @@ type xrefer struct {
 	rc *report.Client
 }
 
-func (x *xrefer) xref(r *yamlReport) (string, error) {
+func (x *xrefer) xref(r *yamlReport) string {
 	out := &strings.Builder{}
 	matches := x.rc.XRef(r.Report)
 	delete(matches, r.filename)
@@ -83,7 +78,7 @@ func (x *xrefer) xref(r *yamlReport) (string, error) {
 			}
 		}
 	}
-	return out.String(), nil
+	return out.String()
 }
 
 func (x *xrefer) xrefCount(mp string) (excluded, regular, notGoCode int) {