diff --git a/src/package-url.js b/src/package-url.js
index d931bcf..b1e72b9 100644
--- a/src/package-url.js
+++ b/src/package-url.js
@@ -174,6 +174,14 @@ class PackageURL {
 if (path.includes('@')) {
 let index = path.indexOf('@');
 version = decodeURIComponent(path.substring(index + 1));
+
+ // Check that version doesnt contain special characters by checking if first char can be encoded
+ let tempEncoded = encodeURIComponent(version[0]);
+ let tempDecoded = decodeURIComponent(version[0]);
+
+ if (tempDecoded !== tempEncoded) {
+ throw new Error('Invalid purl: version should not include special characters');
+ }
 remainder = path.substring(0, index);
 } else {
 remainder = path;
diff --git a/test/data/test-suite-data.json b/test/data/test-suite-data.json
index 220d079..5fad477 100644
--- a/test/data/test-suite-data.json
+++ b/test/data/test-suite-data.json
@@ -370,5 +370,17 @@
 "qualifiers": null,
 "subpath": null,
 "is_invalid": false
+ },
+ {
+ "description": "invalid maven purl",
+ "purl": "pkg:maven/org.apache.commons/io@@1.4.0",
+ "canonical_purl": "pkg:maven/org.apache.commons/io@@1.4.0",
+ "type": null,
+ "namespace": null,
+ "name": "io",
+ "version": null,
+ "qualifiers": null,
+ "subpath": null,
+ "is_invalid": true
 }
 ]
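Review bot: The new check at `if (tempDecoded !== tempEncoded)` runs on the already-decoded `version`, so it cannot tell a raw `@@` apart from a version whose first character was properly percent-encoded as `%40` (if the purl spec permits that, such input is now wrongly rejected), and `decodeURIComponent(version[0])` is an identity on any single character except `%` (reached from an input `%25…`), where it throws a bare `URIError` instead of the intended `Invalid purl` error; `encodeURIComponent(version[0])` likewise throws `URIError` when the version starts with an astral character, because `version[0]` is then a lone surrogate half. The error message also overstates what is checked, since only the first character is inspected. If the intent is only to reject the doubled separator exercised by the new test case, validate the raw substring before decoding, e.g. `const rawVersion = path.substring(index + 1);` then `if (rawVersion.startsWith('@')) throw new Error('Invalid purl: version must not start with "@"');` then `version = decodeURIComponent(rawVersion);`, and use `const` rather than `let` for `tempEncoded`/`tempDecoded` if they are kept. The enclosing method starts and ends outside the hunk.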
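Review bot: The new entry's `"description": "invalid maven purl"` does not state what makes the purl invalid, so a future failure of this case gives no hint; suggest `"description": "invalid maven purl: doubled '@' version separator"`. The entry also fills in `"name": "io"` and a `"canonical_purl"` for a purl the parser is expected to reject; whether those fields are consulted for `is_invalid` entries depends on the test harness, which is outside this hunk, so it is worth confirming they match the other invalid entries in the file.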