You can search by CPE here: https://nvd.nist.gov/products/cpe/search
and search for e.g.:
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:*:*:*:*:*:*:*:*
The above pair are the same "sudo", but split arbitrarily, perhaps varying by assigning authority preference.
(There are some other "sudo" named projects too).
Those CPE IDs were determined by a brute-force-ish XML grep:
xml select -N cpe-23="http://scap.nist.gov/schema/cpe-extension/2.3" -t --match '//cpe-23:cpe23-item' --if 'contains(@name,":sudo:")' -v "@name" -n official-cpe-dictionary_v2.3.xml
Now, mapping CVE<->CPE is a trickier problem, it's not 1:1 (a single CVE can affect multiple product versions), and harder here since sudo (1986-ish) predates CVEs (1999) by a decade, and CPE (2009) by two. The most capable searches seem to be via non-free APIs or "vulnerability management $olutions", plus a few CLI tools that need a lot of care and feeding.
This web service is free: https://cve.circl.lu/ But, you cannot search directly by CPE right now; you can start a search by vendor, then filter by product:
todd_miller sudo: 58 vulnerabilities
sudo_project sudo: 42 vulnerabilities
Except, for reasons I don't understand, there are duplicates because they somehow source "unique" but overlapping CVEs from multiple databases. The true number might be 50 combined, of varying severity/concern, but I give up now. I'm going to go mutter into my beard for a while.
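An added example, not part of the original comment and not code from NVD or cve.circl.lu: a field-aware version of the dictionary grep above (matching the product field exactly instead of the substring ":sudo:") plus the de-duplication needed when CVE lists for several vendor aliases are combined. The dictionary snippet, the `example_vendor` and `example\:corp` entries and the CVE ids are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CPE23_NS = "{http://scap.nist.gov/schema/cpe-extension/2.3}"
# Constructed sample, cut down to the cpe23-item layout of the dictionary (not NVD data).
SAMPLE_DICT = r"""<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"
  xmlns:cpe-23="http://scap.nist.gov/schema/cpe-extension/2.3">
 <cpe-item><cpe-23:cpe23-item name="cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*"/></cpe-item>
 <cpe-item><cpe-23:cpe23-item name="cpe:2.3:a:sudo_project:sudo:1.8.0:*:*:*:*:*:*:*"/></cpe-item>
 <cpe-item><cpe-23:cpe23-item name="cpe:2.3:a:example_vendor:helper:1.0:*:*:*:*:sudo:*:*"/></cpe-item>
 <cpe-item><cpe-23:cpe23-item name="cpe:2.3:a:example\:corp:sudo:2.0:*:*:*:*:*:*:*"/></cpe-item>
</cpe-list>"""

def split_cpe23(name):
    """Split a CPE 2.3 formatted string into its 13 fields, honouring backslash escapes."""
    fields, cur, i = [], "", 0
    while i < len(name):
        step = 2 if name[i] == "\\" else 1  # an escaped char such as "\:" stays in the field
        if step == 1 and name[i] == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += name[i:i + step]
        i += step
    fields.append(cur)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    return fields

def vendors_for_product(dictionary_xml, product):
    """Vendor names whose product field (index 4) equals `product` exactly."""
    vendors = set()
    for item in ET.fromstring(dictionary_xml).iter(CPE23_NS + "cpe23-item"):
        fields = split_cpe23(item.get("name"))
        if fields[4] == product:
            vendors.add(fields[3])
    return sorted(vendors)

def merge_cves(per_vendor):
    """Union the CVE ids found per vendor alias; also list ids seen under several aliases."""
    seen = {}
    for vendor, ids in per_vendor.items():
        for cve in ids:
            seen.setdefault(cve.strip().upper(), set()).add(vendor)
    return sorted(seen), sorted(c for c, v in seen.items() if len(v) > 1)

# Constructed placeholder ids, not real CVE records.
SAMPLE_RESULTS = {"todd_miller": ["CVE-0000-0001", "CVE-0000-0002", "cve-0000-0003"],
                  "sudo_project": ["CVE-0000-0003", "CVE-0000-0004", "CVE-0000-0002"]}

if __name__ == "__main__":
    print(vendors_for_product(SAMPLE_DICT, "sudo"), merge_cves(SAMPLE_RESULTS))
```

The `helper` entry carries "sudo" only in its target_sw field, so a substring match would report it while the field match does not; the escaped-colon vendor shows why a plain split on ":" misplaces the product field.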
Going off its security advisories page [1] and this tracker [2], it seems to be around 43 CVEs, most rated high severity.
So the actual rate would be 43 CVE / 430 kLoC = ~0.01 CVE per kLoC, so ~2.65 CVEs for udisks and ~0.2 for pmount.
[0] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sudo
[1] https://www.sudo.ws/security/advisories/
[2] https://security.snyk.io/package/linux/debian%3A10/sudo