[In] rhel-8-including-unpatched.oval.xml.bz2, [among] the details of vuln CVE-2017-18342 (definition id: oval:com.redhat.cve:def:201718342) the following affected components are reported:

<component>PyYAML</component>
<component>PyYAML-debugsource</component>
<component>python2-pyyyaml</component>
<component>python38-pyyaml</component>
<component>python39-pyyaml</component>

However, the python3-pyyaml component is missing.

Lookup in VMaaS does find it so it's not immediately clear why it's not being included:

VMaaS.binary_package_names_by_source("PyYAML", ["rhel-8-for-x86_64-baseos-rpms"])
Out[3]: {'rhel-8-for-x86_64-baseos-rpms': ['python3-pyyaml']}