How can I scan for a specific CVE on my own hosts?

We have an application which was vulnerable to CVE-2019-18935 and a malious file was injected into a temp folder (but not executed it seems). We have now resolved the issue by updating a 3rd party Telerik library, but it occurs to me that we could/should have known about our exposure to this much earlier than this month (May 2020) so I’ve been trying to find out how I could have scanned for this vulnerabilty in advance of being exploited?

I have tried to use Kali Linux’s nmap, with the “vulners” script, but it returns several CVEs (which seem to be false positives) and don’t mention the “biggie” which is the Telerik one:

enter image description here I had updated nmap and the databases (from their original Git source) so why would it not know about (or fail to detect) CVE-2019-18935?