I know this has been implemented already, but I’ve just seen that there is a new alternative: There is a very new REST API on GitHub to get security advisories, see Get global security advisories via REST API - The GitHub Blog. I tested it and it seems to support getting advisories for specific versions of packages even for xwiki-platform:
curl -L \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
'https://api.github.com/advisories?ecosystem=maven&affects=org.xwiki.platform:xwiki-platform-livetable-ui@15.1'
This gives me exactly one advisory, which is Obfuscated email addresses should not be sorted · CVE-2023-38509 · GitHub Advisory Database · GitHub which I think is accurate so it seems like this fixes the limitation we currently have with the osv.dev API.