diff --git a/cve_bin_tool/checkers/README.md b/cve_bin_tool/checkers/README.md index 02f2cd58e5..688b8dbb71 100644 --- a/cve_bin_tool/checkers/README.md +++ b/cve_bin_tool/checkers/README.md @@ -342,7 +342,7 @@ $ sqlite3 ~/.cache/cve-bin-tool/cve.db \ VPkg: apple, mac_os_x VPkg: canonical, ubuntu_linux VPkg: debian, debian_linux -VPkg: libexpat, expat +VPkg: libexpat_project, libexpat VPkg: mozilla, firefox VPkg: opensuse, leap VPkg: suse, linux_enterprise_debuginfo @@ -351,8 +351,8 @@ VPkg: suse, linux_enterprise_debuginfo `VENDOR_PRODUCT` attribute should have list of tuples of vendor product pair found in the listings. Some of the listings will be with regards to products that include this product. For our example all listings except -`libexpat, expat` merely include the target product (`expat` for the -example SQL query). +`libexpat_project, libexpat` merely include the target product (`libexpat` for +the example SQL query). ## Helper-Script diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index 7641fb79ca..3cc42df48d 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -72,7 +72,6 @@ "emacs", "exim", "exiv2", - "expat", "f2fs_tools", "faad2", "fastd", @@ -140,6 +139,7 @@ "libcurl", "libdb", "libebml", + "libexpat", "libgcrypt", "libgd", "libgit2", diff --git a/cve_bin_tool/checkers/expat.py b/cve_bin_tool/checkers/libexpat.py similarity index 93% rename from cve_bin_tool/checkers/expat.py rename to cve_bin_tool/checkers/libexpat.py index f6476d47e0..06cea82ec8 100644 --- a/cve_bin_tool/checkers/expat.py +++ b/cve_bin_tool/checkers/libexpat.py 
@@ -29,13 +29,12 @@ from cve_bin_tool.checkers import Checker -class ExpatChecker(Checker): - # FIXME: fix contains pattern +class LibexpatChecker(Checker): CONTAINS_PATTERNS = [ r"reserved prefix (xml) must not be undeclared or bound to another namespace name", r"cannot change setting once parsing has begun", "requested feature requires XML_DTD support in Expat", ] - FILENAME_PATTERNS = [r"expat"] + FILENAME_PATTERNS = [r"libexpat.so"] VERSION_PATTERNS = [r"expat_([012]+\.[0-9]+\.[0-9]+)"] VENDOR_PRODUCT = [("libexpat_project", "libexpat")] diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py index 6cd0106895..00927598ad 100644 --- a/cve_bin_tool/cli.py +++ b/cve_bin_tool/cli.py @@ -12,7 +12,7 @@ """ This tool scans for a number of common, vulnerable open source components -(openssl, libpng, libxml2, expat and a few others) to let you know if your +(openssl, libpng, libxml2, libexpat and a few others) to let you know if your system includes common libraries with known vulnerabilities. It emits a list of CVE numbers that may be relevant to your binary based on the versions. There is a flag to enable information about backported fixes for specific @@ -103,7 +103,7 @@ def main(argv=None): description=textwrap.dedent( """ The CVE Binary Tool scans for a number of common, vulnerable open source - components (openssl, libpng, libxml2, expat and a few others) to let you know + components (openssl, libpng, libxml2, libexpat and a few others) to let you know if a given directory or binary file includes common libraries with known vulnerabilities. """ diff --git a/test/test_checkers.py b/test/test_checkers.py index 5b31b3127f..65080256a3 100644 --- a/test/test_checkers.py +++ b/test/test_checkers.py 
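Review bot: In `cve_bin_tool/checkers/libexpat.py` the `# FIXME: fix contains pattern` comment is dropped while `CONTAINS_PATTERNS` stays as it was, and its first entry still has unescaped parentheses. If these entries are applied as regexes (the `r""` prefixes suggest so), `(xml)` is a group that matches `xml`, so the entry cannot match a literal `reserved prefix (xml) must not be ...` string in a binary; escape it as `r"reserved prefix \(xml\) must not be undeclared or bound to another namespace name"`, or keep the FIXME until it is fixed. The new `FILENAME_PATTERNS = [r"libexpat.so"]` likewise leaves `.` unescaped (`r"libexpat\.so"` is the tighter form) and no longer matches names the old `r"expat"` covered, such as a static `libexpat.a`. It is worth confirming how filename matches feed into detection, because a missed match in a CVE scanner reads as a clean result, and the updated test table only exercises `libexpat.so`.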
@@ -71,7 +71,6 @@ def setup_class(cls):
 ("emacs", "emacs", ["emacs"]),
 ("emacs", "emacs-nox", ["emacs"]),
 ("emacs", "emacs-gtk", ["emacs"]),
- ("expat", "libexpat.so", ["expat"]),
 ("ffmpeg", "libffmpeg.so", ["ffmpeg"]),
 ("gnutls_cli", "libgnutls.so", ["gnutls-cli"]),
 ("gnutls_serv", "gnutls-serv", ["gnutls-serv"]),
@@ -85,6 +84,7 @@ def setup_class(cls):
 ("kerberos", "kerberos", ["kerberos_5"]),
 ("libcurl", "libcurl.so.2.0", ["libcurl"]),
 ("libdb", "libdb-2.0.so", ["libdb"]),
+ ("libexpat", "libexpat.so", ["libexpat"]),
 ("libgcrypt", "libgcrypt.so.1.0", ["libgcrypt"]),
 ("libjpeg", "libjpg.so.2.0", ["libjpeg-turbo"]),
 ("libnss", "libnss.so.1.0", ["nss"]),
diff --git a/test/test_cli.py b/test/test_cli.py
index 1fdc9e4145..5a02a390fa 100644
--- a/test/test_cli.py
+++ b/test/test_cli.py
@@ -198,7 +198,7 @@ def test_skips(self, caplog):
 test_path = str(Path(__file__).parent.resolve() / "csv")
 skip_checkers = ["systemd", "xerces", "xml2", "kerberos"]
- include_checkers = ["expat", "libgcrypt", "openssl", "sqlite"]
+ include_checkers = ["libexpat", "libgcrypt", "openssl", "sqlite"]
 with caplog.at_level(logging.INFO):
 main(["cve-bin-tool", test_path, "-s", ",".join(skip_checkers)])
 self.check_checkers_log(caplog, skip_checkers, include_checkers)
@@ -212,7 +212,7 @@ def test_skips(self, caplog):
 def test_runs(self, caplog):
 test_path = str(Path(__file__).parent.resolve() / "csv")
- runs = ["expat", "libgcrypt", "openssl", "sqlite"]
+ runs = ["libexpat", "libgcrypt", "openssl", "sqlite"]
 skip_checkers = ["systemd", "xerces", "xml2", "kerberos"]
 with caplog.at_level(logging.INFO):
 main(["cve-bin-tool", test_path, "-r", ",".join(runs)])
diff --git a/test/test_data/expat.py b/test/test_data/libexpat.py
similarity index 100%
rename from test/test_data/expat.py
rename to test/test_data/libexpat.py