Clone and scan it?
git clone https://github.com/google/flatbuffers -b v23.1.21
grype ./flatbuffers
✔ Indexed file system flatbuffers
✔ Cataloged contents e3c82e6c6bf71c090ee235f26b43aee9b40f120eb4652d8626c7cd714bead4fc
├── ✔ Packages [222 packages]
├── ✔ File digests [17 files]
├── ✔ File metadata [17 locations]
└── ✔ Executables [0 executables]
✔ Scanned for vulnerabilities [13 vulnerability matches]
├── by severity: 0 critical, 7 high, 6 medium, 0 low, 0 negligible
└── by status: 13 fixed, 0 not-fixed, 0 ignored
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                    INSTALLED    FIXED-IN  TYPE       VULNERABILITY        SEVERITY
braces                  3.0.2        3.0.3     npm        GHSA-grv7-fg5c-xmjg  High
cross-spawn             7.0.3        7.0.5     npm        GHSA-3xgq-45jj-v275  High
esbuild                 0.16.4       0.25.0    npm        GHSA-67mh-4wv8-2f99  Medium
google.golang.org/grpc  v1.35.0      1.56.3    go-module  GHSA-m425-mq94-257g  High
google.golang.org/grpc  v1.35.0      1.56.3    go-module  GHSA-qppj-fm5r-hxr3  Medium
google.golang.org/grpc  v1.39.0-dev  1.56.3    go-module  GHSA-m425-mq94-257g  High
google.golang.org/grpc  v1.39.0-dev  1.56.3    go-module  GHSA-qppj-fm5r-hxr3  Medium
micromatch              4.0.5        4.0.8     npm        GHSA-952p-6rrq-rcjv  Medium
semver                  5.6.0        5.7.2     npm        GHSA-c2qf-rxjj-qqgw  High
semver                  7.3.7        7.5.2     npm        GHSA-c2qf-rxjj-qqgw  High
word-wrap               1.2.3        1.2.4     npm        GHSA-j8xg-fqg3-53r7  Medium
wget https://repo1.maven.org/maven2/org/rogach/scallop_2.13/5.1.0/scallop_2.13-5.1.0-sources.jar
grype ./scallop_2.13-5.1.0-sources.jar
✔ Indexed file system ./scallop_2.13-5.1.0-sources.jar
✔ Cataloged contents 79a24a3a5c54dd926ea9b41cc1258e58e395f25141c518b1c14afb869cb0bb9d
├── ✔ Packages [1 packages]
├── ✔ File digests [1 files]
├── ✔ File metadata [1 locations]
└── ✔ Executables [0 executables]
✔ Scanned for vulnerabilities [0 vulnerability matches]
├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
└── by status: 0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found