How cve-check-tool resolve custom package name assigned to a package in a recipe?

[NaeemKK]

I am confused and unable to determine how cve-check-tool resolve the custom package name while finding CVE e.g. I have assigned my own name to the kernel i.e. "Linux-naeem" but using upstream version number.Now how does this tool find CVE by just looking at the name that is not any name of upstream package against which CVE are reported in NVD.