Most likely, but not aware of anything specifically.
osquery is best suited for someone to collect the ground truth about what is is installed, there are a lot of tables that supply name+version of components.
If you go here:
https://osquery.io/schema/4.3.0/ and CTRL+F for "version" you'll get a good idea of what data is exposed.
Then you'll have to marry that data with vulnerability data in some magic backend. This is well beyond the scope of osquery.