As briefly discussed here, osv.dev has not support for RPM Ecosystem (right now) but, if you think that it makes sense, we can start discussing it.

Managing rpmdb is different from other lockfiles already supported until now by osv-scanner because they are not text files but instead:

• BerkeleyDB files for rpm before v4.16
• SQLite file for rpm v4.16 and later

Support using current osv-scanner API is straightforward and also the io.Reader support scenario should have no problems (see my latest update of draft #164 that uses temporary files).
I made a PR, of course let me know if it makes sense to you of it's worth waiting support on osv.dev side.