# SBOM Summary

Item | Details |
-------- | --------
SBOM File | cve-bin-tool-py3.12.spdx
SBOM Type | spdx
Version | SPDX-2.3
Name | Python-cve-bin-tool
Creator | Tool:sbom4python-0.12.5
Created | 2026-06-01T01:23:29Z
Files | 0
Packages | 49
Relationships | 71
Services | 0
Vulnerabilities | 0

# Package Summary

Name | Version | PURL | CPE | Type | Supplier | License | Ecosystem | Download | Copyright |
-------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | --------
cve-bin-tool | 3.4.1 | pkg:pypi/cve-bin-tool@3.4.1 | cpe:2.3:a:terri_oda:cve-bin-tool:3.4.1:*:*:*:*:*:*:* | APPLICATION | Terri Oda (terri.oda@intel.com) | GPL-3.0-or-later | pypi | https://pypi.org/project/cve-bin-tool/3.4.1/#files | NOASSERTION
aiohttp | 3.13.5 | pkg:pypi/aiohttp@3.13.5 | | LIBRARY | NOASSERTION | UNKNOWN | pypi | https://pypi.org/project/aiohttp/3.13.5/#files | NOASSERTION
aiohappyeyeballs | 2.6.2 | pkg:pypi/aiohappyeyeballs@2.6.2 | cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.6.2:*:*:*:*:*:*:* | LIBRARY | J. Nick Koston (nick@koston.org) | PSF-2.0 | pypi | https://pypi.org/project/aiohappyeyeballs/2.6.2/#files | NOASSERTION
aiosignal | 1.4.0 | pkg:pypi/aiosignal@1.4.0 | | LIBRARY | NOASSERTION | Apache-2.0 | pypi | https://pypi.org/project/aiosignal/1.4.0/#files | NOASSERTION
frozenlist | 1.8.0 | pkg:pypi/frozenlist@1.8.0 | | LIBRARY | NOASSERTION | Apache-2.0 | pypi | https://pypi.org/project/frozenlist/1.8.0/#files | NOASSERTION
typing-extensions | 4.15.0 | pkg:pypi/typing-extensions@4.15.0 | cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.15.0:*:*:*:*:*:*:* | LIBRARY | Guido van Jukka ukasz Michael (levkivskyi@gmail.com) | PSF-2.0 | pypi | https://pypi.org/project/typing-extensions/4.15.0/#files | NOASSERTION
attrs | 26.1.0 | pkg:pypi/attrs@26.1.0 | cpe:2.3:a:hynek_schlawack:attrs:26.1.0:*:*:*:*:*:*:* | LIBRARY | Hynek Schlawack (hs@ox.cx) | MIT | pypi | https://pypi.org/project/attrs/26.1.0/#files | NOASSERTION
multidict | 6.7.1 | pkg:pypi/multidict@6.7.1 | cpe:2.3:a:andrew_svetlov:multidict:6.7.1:*:*:*:*:*:*:* | LIBRARY | Andrew Svetlov (andrew.svetlov@gmail.com) | Apache-2.0 | pypi | https://pypi.org/project/multidict/6.7.1/#files | NOASSERTION
propcache | 0.5.2 | pkg:pypi/propcache@0.5.2 | cpe:2.3:a:andrew_svetlov:propcache:0.5.2:*:*:*:*:*:*:* | LIBRARY | Andrew Svetlov (andrew.svetlov@gmail.com) | Apache-2.0 | pypi | https://pypi.org/project/propcache/0.5.2/#files | NOASSERTION
yarl | 1.24.2 | pkg:pypi/yarl@1.24.2 | cpe:2.3:a:andrew_svetlov:yarl:1.24.2:*:*:*:*:*:*:* | LIBRARY | Andrew Svetlov (andrew.svetlov@gmail.com) | Apache-2.0 | pypi | https://pypi.org/project/yarl/1.24.2/#files | NOASSERTION
idna | 3.17 | pkg:pypi/idna@3.17 | cpe:2.3:a:kim_davies:idna:3.17:*:*:*:*:*:*:* | LIBRARY | Kim Davies (kim+pypi@gumleaf.org) | BSD-3-Clause | pypi | https://pypi.org/project/idna/3.17/#files | NOASSERTION
beautifulsoup4 | 4.14.3 | pkg:pypi/beautifulsoup4@4.14.3 | cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.3:*:*:*:*:*:*:* | LIBRARY | Leonard Richardson (leonardr@segfault.org) | MIT | pypi | https://pypi.org/project/beautifulsoup4/4.14.3/#files | NOASSERTION
soupsieve | 2.8.4 | pkg:pypi/soupsieve@2.8.4 | cpe:2.3:a:isaac_muse:soupsieve:2.8.4:*:*:*:*:*:*:* | LIBRARY | Isaac Muse (Isaac.Muse@gmail.com) | MIT | pypi | https://pypi.org/project/soupsieve/2.8.4/#files | NOASSERTION
cvss | 3.6 | pkg:pypi/cvss@3.6 | cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.6:*:*:*:*:*:*:* | LIBRARY | Stanislav Red Hat Product Security (skontar@redhat.com) | LGPL-3.0-or-later | pypi | https://pypi.org/project/cvss/3.6/#files | NOASSERTION
defusedxml | 0.7.1 | pkg:pypi/defusedxml@0.7.1 | cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* | LIBRARY | Christian Heimes (christian@python.org) | PSF-2.0 | pypi | https://pypi.python.org/pypi/defusedxml | NOASSERTION
distro | 1.9.0 | pkg:pypi/distro@1.9.0 | cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* | LIBRARY | Nir Cohen (nir36g@gmail.com) | Apache-2.0 | pypi | https://pypi.org/project/distro/1.9.0/#files | NOASSERTION
filetype | 1.2.0 | pkg:pypi/filetype@1.2.0 | cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* | LIBRARY | Tomas Aparicio (tomas@aparicio.me) | MIT | pypi | https://github.com/h2non/filetype.py/tarball/master | NOASSERTION
jinja2 | 3.1.6 | pkg:pypi/jinja2@3.1.6 | | LIBRARY | NOASSERTION | BSD-3-Clause | pypi | https://pypi.org/project/jinja2/3.1.6/#files | NOASSERTION
markupsafe | 3.0.3 | pkg:pypi/markupsafe@3.0.3 | | LIBRARY | NOASSERTION | BSD-3-Clause | pypi | https://pypi.org/project/markupsafe/3.0.3/#files | NOASSERTION
jsonschema | 4.26.0 | pkg:pypi/jsonschema@4.26.0 | cpe:2.3:a:julian_berman:jsonschema:4.26.0:*:*:*:*:*:*:* | LIBRARY | Julian Berman (Julian+jsonschema@GrayVines.com) | MIT | pypi | https://pypi.org/project/jsonschema/4.26.0/#files | NOASSERTION
jsonschema-specifications | 2025.9.1 | pkg:pypi/jsonschema-specifications@2025.9.1 | cpe:2.3:a:julian_berman:jsonschema-specifications:2025.9.1:*:*:*:*:*:*:* | LIBRARY | Julian Berman (Julian+jsonschema-specifications@GrayVines.com) | MIT | pypi | https://pypi.org/project/jsonschema-specifications/2025.9.1/#files | NOASSERTION
referencing | 0.37.0 | pkg:pypi/referencing@0.37.0 | cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:*:*:*:*:* | LIBRARY | Julian Berman (Julian+referencing@GrayVines.com) | MIT | pypi | https://pypi.org/project/referencing/0.37.0/#files | NOASSERTION
rpds-py | 2026.5.1 | pkg:pypi/rpds-py@2026.5.1 | cpe:2.3:a:julian_berman:rpds-py:2026.5.1:*:*:*:*:*:*:* | LIBRARY | Julian Berman (Julian+rpds@GrayVines.com) | MIT | pypi | https://pypi.org/project/rpds-py/2026.5.1/#files | NOASSERTION
lib4sbom | 0.10.4 | pkg:pypi/lib4sbom@0.10.4 | cpe:2.3:a:anthony_harrison:lib4sbom:0.10.4:*:*:*:*:*:*:* | LIBRARY | Anthony Harrison (anthony.p.harrison@gmail.com) | Apache-2.0 | pypi | https://pypi.org/project/lib4sbom/0.10.4/#files | NOASSERTION
pyyaml | 6.0.3 | pkg:pypi/pyyaml@6.0.3 | cpe:2.3:a:kirill_simonov:pyyaml:6.0.3:*:*:*:*:*:*:* | LIBRARY | Kirill Simonov (xi@resolvent.net) | MIT | pypi | https://pypi.org/project/PyYAML/ | NOASSERTION
semantic-version | 2.10.0 | pkg:pypi/semantic-version@2.10.0 | cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* | LIBRARY | Raphael Barrois (raphael.barrois+semver@polytechnique.org) | BSD-3-Clause | pypi | https://pypi.org/project/semantic-version/2.10.0/#files | NOASSERTION
fastjsonschema | 2.21.2 | pkg:pypi/fastjsonschema@2.21.2 | cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:*:*:*:*:*:*:* | LIBRARY | Michal Horejsek (fastjsonschema@horejsek.com) | BSD-3-Clause | pypi | https://pypi.org/project/fastjsonschema/2.21.2/#files | NOASSERTION
xmlschema | 4.3.1 | pkg:pypi/xmlschema@4.3.1 | cpe:2.3:a:davide_brunato:xmlschema:4.3.1:*:*:*:*:*:*:* | LIBRARY | Davide Brunato (brunato@sissa.it) | MIT | pypi | https://pypi.org/project/xmlschema/4.3.1/#files | NOASSERTION
elementpath | 5.1.1 | pkg:pypi/elementpath@5.1.1 | cpe:2.3:a:davide_brunato:elementpath:5.1.1:*:*:*:*:*:*:* | LIBRARY | Davide Brunato (brunato@sissa.it) | MIT | pypi | https://pypi.org/project/elementpath/5.1.1/#files | NOASSERTION
packageurl-python | 0.17.6 | pkg:pypi/packageurl-python@0.17.6 | cpe:2.3:a:the_purl_authors:packageurl-python:0.17.6:*:*:*:*:*:*:* | LIBRARY | the purl authors | MIT | pypi | https://pypi.org/project/packageurl-python/0.17.6/#files | NOASSERTION
lib4vex | 0.2.3 | pkg:pypi/lib4vex@0.2.3 | cpe:2.3:a:anthony_harrison:lib4vex:0.2.3:*:*:*:*:*:*:* | LIBRARY | Anthony Harrison (anthony.p.harrison@gmail.com) | Apache-2.0 | pypi | https://pypi.org/project/lib4vex/0.2.3/#files | NOASSERTION
csaf-tool | 0.3.2 | pkg:pypi/csaf-tool@0.3.2 | cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* | LIBRARY | Anthony Harrison (anthony.p.harrison@gmail.com) | MIT | pypi | https://pypi.org/project/csaf-tool/0.3.2/#files | NOASSERTION
rich | 15.0.0 | pkg:pypi/rich@15.0.0 | cpe:2.3:a:will_mcgugan:rich:15.0.0:*:*:*:*:*:*:* | LIBRARY | Will McGugan (willmcgugan@gmail.com) | MIT | pypi | https://pypi.org/project/rich/15.0.0/#files | NOASSERTION
markdown-it-py | 4.2.0 | pkg:pypi/markdown-it-py@4.2.0 | cpe:2.3:a:chris_sewell:markdown-it-py:4.2.0:*:*:*:*:*:*:* | LIBRARY | Chris Sewell (chrisj_sewell@hotmail.com) | MIT | pypi | https://pypi.org/project/markdown-it-py/4.2.0/#files | NOASSERTION
mdurl | 0.1.2 | pkg:pypi/mdurl@0.1.2 | cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* | LIBRARY | Taneli Hukkinen (hukkin@users.noreply.github.com) | MIT | pypi | https://pypi.org/project/mdurl/0.1.2/#files | NOASSERTION
pygments | 2.20.0 | pkg:pypi/pygments@2.20.0 | cpe:2.3:a:georg_brandl:pygments:2.20.0:*:*:*:*:*:*:* | LIBRARY | Georg Brandl (georg@python.org) | BSD-2-Clause | pypi | https://pypi.org/project/pygments/2.20.0/#files | NOASSERTION
packaging | 26.2 | pkg:pypi/packaging@26.2 | cpe:2.3:a:donald_stufft:packaging:26.2:*:*:*:*:*:*:* | LIBRARY | Donald Stufft (donald@stufft.io) | UNKNOWN | pypi | https://pypi.org/project/packaging/26.2/#files | NOASSERTION
pefile | 2024.8.26 | pkg:pypi/pefile@2024.8.26 | cpe:2.3:a:ero_carrera:pefile:2024.8.26:*:*:*:*:*:*:* | LIBRARY | Ero Carrera (ero.carrera@gmail.com) | MIT | pypi | https://github.com/erocarrera/pefile/releases/download/v2024.8.26/pefile-2024.8.26.tar.gz | NOASSERTION
plotly | 6.7.0 | pkg:pypi/plotly@6.7.0 | cpe:2.3:a:chris_p:plotly:6.7.0:*:*:*:*:*:*:* | LIBRARY | Chris P (chris@plot.ly) | MIT | pypi | https://pypi.org/project/plotly/6.7.0/#files | NOASSERTION
narwhals | 2.21.2 | pkg:pypi/narwhals@2.21.2 | cpe:2.3:a:marco_gorelli:narwhals:2.21.2:*:*:*:*:*:*:* | LIBRARY | Marco Gorelli (hello_narwhals@proton.me) | UNKNOWN | pypi | https://pypi.org/project/narwhals/2.21.2/#files | NOASSERTION
python-gnupg | 0.5.6 | pkg:pypi/python-gnupg@0.5.6 | cpe:2.3:a:vinay_sajip:python-gnupg:0.5.6:*:*:*:*:*:*:* | LIBRARY | Vinay Sajip (vinay_sajip@yahoo.co.uk) | BSD-3-Clause | pypi | https://pypi.org/project/python-gnupg/0.5.6/#files | NOASSERTION
requests | 2.34.2 | pkg:pypi/requests@2.34.2 | cpe:2.3:a:kenneth_reitz:requests:2.34.2:*:*:*:*:*:*:* | LIBRARY | Kenneth Reitz (me@kennethreitz.org) | Apache-2.0 | pypi | https://pypi.org/project/requests/2.34.2/#files | NOASSERTION
charset-normalizer | 3.4.7 | pkg:pypi/charset-normalizer@3.4.7 | cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.7:*:*:*:*:*:*:* | LIBRARY | Ahmed R. (tahri.ahmed@proton.me) | MIT | pypi | https://pypi.org/project/charset-normalizer/3.4.7/#files | NOASSERTION
urllib3 | 2.7.0 | pkg:pypi/urllib3@2.7.0 | cpe:2.3:a:andrey_petrov:urllib3:2.7.0:*:*:*:*:*:*:* | LIBRARY | Andrey Petrov (andrey.petrov@shazow.net) | MIT | pypi | https://pypi.org/project/urllib3/2.7.0/#files | NOASSERTION
certifi | 2026.5.20 | pkg:pypi/certifi@2026.5.20 | cpe:2.3:a:kenneth_reitz:certifi:2026.5.20:*:*:*:*:*:*:* | LIBRARY | Kenneth Reitz (me@kennethreitz.com) | MPL-2.0 | pypi | https://pypi.org/project/certifi/2026.5.20/#files | NOASSERTION
rpmfile | 2.2.1 | pkg:pypi/rpmfile@2.2.1 | cpe:2.3:a:sean_ross:rpmfile:2.2.1:*:*:*:*:*:*:* | LIBRARY | Sean Ross (srossross@gmail.com) | MIT | pypi | https://pypi.org/project/rpmfile/2.2.1/#files | NOASSERTION
setuptools | 82.0.1 | pkg:pypi/setuptools@82.0.1 | cpe:2.3:a:python_packaging_authority:setuptools:82.0.1:*:*:*:*:*:*:* | LIBRARY | Python Packaging Authority (distutils-sig@python.org) | MIT | pypi | https://pypi.org/project/setuptools/82.0.1/#files | NOASSERTION
zipp | 4.1.0 | pkg:pypi/zipp@4.1.0 | cpe:2.3:a:jason_r.:zipp:4.1.0:*:*:*:*:*:*:* | LIBRARY | Jason R. (jaraco@jaraco.com) | MIT | pypi | https://pypi.org/project/zipp/4.1.0/#files | NOASSERTION
zstandard | 0.25.0 | pkg:pypi/zstandard@0.25.0 | cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:* | LIBRARY | Gregory Szorc (gregory.szorc@gmail.com) | BSD-3-Clause | pypi | https://pypi.org/project/zstandard/0.25.0/#files | NOASSERTION

# Component Type Summary

Type | Count |
-------- | --------
APPLICATION | 1
LIBRARY | 48

# License Summary

License | Count |
-------- | --------
Apache-2.0 | 9
BSD-2-Clause | 1
BSD-3-Clause | 7
GPL-3.0-or-later | 1
LGPL-3.0-or-later | 1
MIT | 23
MPL-2.0 | 1
PSF-2.0 | 3
UNKNOWN | 3

# Supplier Summary

Supplier | Count |
-------- | --------
Ahmed R. (tahri.ahmed@proton.me) | 1
Andrew Svetlov (andrew.svetlov@gmail.com) | 3
Andrey Petrov (andrey.petrov@shazow.net) | 1
Anthony Harrison (anthony.p.harrison@gmail.com) | 3
Chris P (chris@plot.ly) | 1
Chris Sewell (chrisj_sewell@hotmail.com) | 1
Christian Heimes (christian@python.org) | 1
Davide Brunato (brunato@sissa.it) | 2
Donald Stufft (donald@stufft.io) | 1
Ero Carrera (ero.carrera@gmail.com) | 1
Georg Brandl (georg@python.org) | 1
Gregory Szorc (gregory.szorc@gmail.com) | 1
Guido van Jukka ukasz Michael (levkivskyi@gmail.com) | 1
Hynek Schlawack (hs@ox.cx) | 1
Isaac Muse (Isaac.Muse@gmail.com) | 1
J. Nick Koston (nick@koston.org) | 1
Jason R. (jaraco@jaraco.com) | 1
Julian Berman (Julian+jsonschema-specifications@GrayVines.com) | 1
Julian Berman (Julian+jsonschema@GrayVines.com) | 1
Julian Berman (Julian+referencing@GrayVines.com) | 1
Julian Berman (Julian+rpds@GrayVines.com) | 1
Kenneth Reitz (me@kennethreitz.com) | 1
Kenneth Reitz (me@kennethreitz.org) | 1
Kim Davies (kim+pypi@gumleaf.org) | 1
Kirill Simonov (xi@resolvent.net) | 1
Leonard Richardson (leonardr@segfault.org) | 1
Marco Gorelli (hello_narwhals@proton.me) | 1
Michal Horejsek (fastjsonschema@horejsek.com) | 1
NOASSERTION | 5
Nir Cohen (nir36g@gmail.com) | 1
Python Packaging Authority (distutils-sig@python.org) | 1
Raphael Barrois (raphael.barrois+semver@polytechnique.org) | 1
Sean Ross (srossross@gmail.com) | 1
Stanislav Red Hat Product Security (skontar@redhat.com) | 1
Taneli Hukkinen (hukkin@users.noreply.github.com) | 1
Terri Oda (terri.oda@intel.com) | 1
Tomas Aparicio (tomas@aparicio.me) | 1
Vinay Sajip (vinay_sajip@yahoo.co.uk) | 1
Will McGugan (willmcgugan@gmail.com) | 1
the purl authors | 1

# NTIA Summary

Element | Status |
-------- | --------
All file information provided? | True
All package information provided? | False
Creator identified? | True
Creation time identified? | True
Dependency relationships provided? | True

NTIA conformant False