Hi Mojoman,
You should be able to run the comparison against the Red Hat CVE database, but not sure how much time Red Hat will spend keeping it relevant to CentOS. I'd suggest that you would be able to get a more meaningful communication going with one of the CentOS groups, you may want to look at a specific
CentOS CVE Scanner then see what is required.
Regards
Gull04