Google rolls out open-source security scanning tool OSV-Scanner

OSV-Scanner offers an officially supported frontend to the OSV database; it links a project's list of dependencies with the vulnerabilities that affect them.

The OpenSSF Scorecard Vulnerabilities Check appears to have integrated OSV-Scanner, which implies it will be able to expand the analysis beyond just a project’s direct vulnerabilities to include vulnerabilities in all of its dependencies.
