Description
cve-bin-tool is producing false negatives on a number of Python whl files that are known to have CVEs in the NVD database.
For example, Python urllib3 v1.19 whl:
https://files.pythonhosted.org/packages/34/02/f043d2c9e2360dd6f6f1f7e44c71733ede2478e8b084de43375b316105c5/urllib3-1.19-py2.py3-none-any.whl
To reproduce
Steps to reproduce the behaviour:
- cve-bin-tool -u never -l debug 'urllib3 v1.19 location'
Expected behaviour: cve-bin-tool detects (at least) this CVE: http://nvd.nist.gov/vuln/detail/cve-2019-11236
Actual behaviour: No CVEs identified by cve-bin-tool
Version/platform info
Version of CVE-bin-tool (e.g. output of cve-bin-tool --version): 3.4.1
Installed from pypi or github? Github
Operating system: Amazon Linux 2023.9.20250929
Python version (e.g. python3 --version): Python 3.9.23
Anything else?
All vulnerability data sources updated (as of Nov 5, 2025), so not an old DB problem
I noticed when testing other known vulnerable Python whl files (where the vendor was extracted as "unknown") that CVEs were identified in the DB. So I manually changed line 169 in cve_scanner to "unknown" and finally got CVEs detected for urllib3 1.19.
See original and modified cve-bin-tool scans below:
Modified run (manually set vendor to "unknown"):
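The following is an added example, not part of this report and not cve-bin-tool's own code. It builds a minimal wheel in memory, reads Name and Version from its dist-info METADATA (the same fields a wheel scanner has to work from), and looks the result up in a small constructed CVE table keyed on (vendor, product, version range). It reproduces the behaviour described above in miniature: the same wheel yields no hits when the lookup uses one vendor key and does yield CVE-2019-11236 when the vendor key is "unknown". The table contents, the vendor strings and the version range are constructed assumptions for the demonstration; only the package name, version and CVE id come from the report.

```python
"""Added example (not cve-bin-tool's code): wheel metadata extraction and a
vendor/product/version lookup that shows how a vendor-key mismatch produces a
false negative. All table data below is constructed for the demonstration."""
import io
import zipfile
from email.parser import Parser

# Constructed table: (vendor, product, first affected version inclusive,
# first fixed version exclusive, CVE id). The vendor "unknown" and the
# version bounds are assumptions made for this demo, not NVD data.
CONSTRUCTED_CVE_TABLE = [
    ("unknown", "urllib3", "0", "1.24.2", "CVE-2019-11236"),
]


def parse_version(v):
    """Turn '1.24.2' into (1, 24, 2) so ranges compare numerically, not lexically."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def read_wheel_metadata(wheel_bytes):
    """Return (Name, Version) from the wheel's *.dist-info/METADATA member."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith(".dist-info/METADATA"):
                msg = Parser().parsestr(zf.read(member).decode("utf-8"))
                return msg["Name"], msg["Version"]
    raise ValueError("no dist-info/METADATA member in wheel")


def find_cves(vendor, product, version, table=CONSTRUCTED_CVE_TABLE):
    """Exact match on vendor and product, numeric range check on version."""
    v = parse_version(version)
    return [
        cve
        for (tv, tp, start, end, cve) in table
        if tv == vendor
        and tp == product.lower()
        and parse_version(start) <= v < parse_version(end)
    ]


def scan_wheel(wheel_bytes, vendor, fallback_to_unknown=False):
    """Look the wheel up under the given vendor key; optionally retry under
    "unknown", which is the manual workaround the report describes."""
    name, version = read_wheel_metadata(wheel_bytes)
    hits = find_cves(vendor, name, version)
    if not hits and fallback_to_unknown and vendor != "unknown":
        hits = find_cves("unknown", name, version)
    return name, version, hits


def build_demo_wheel(name, version):
    """Construct a minimal wheel (zip with a dist-info METADATA) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            f"{name}-{version}.dist-info/METADATA",
            f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n",
        )
        zf.writestr(f"{name}/__init__.py", "")
    return buf.getvalue()


if __name__ == "__main__":
    wheel = build_demo_wheel("urllib3", "1.19")
    # Vendor key "python" is an assumed guess for the demo; it finds nothing
    # because the constructed table stores the entry under "unknown".
    print(scan_wheel(wheel, "python"))
    print(scan_wheel(wheel, "python", fallback_to_unknown=True))
```

The defensive takeaway is that a wheel scanner should not let a vendor guess silently turn a known-vulnerable package into a clean result: when the vendor key yields nothing, retrying under the catch-all key (or logging the miss at debug level) keeps the false negative visible.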