Security Vulnerabilities for all jars

We tried putting a few entries in pom.xml which have known vulnerabilities, but Github shows alerts for only a few of them.  For e.g. activemq-all(v5.7.0) and commons-collections(v3.2.2) have known vulnerability issues, but it doesn’t give alerts for these jars.

Please advise if the alerts are for selective jars or it covers all CVE vulnerabilities.