That is true.
However, it is still the responsibility of the parent program to report this and fix it. You are likely to break many programs if you just replace the DLL.
We will keep an eye out for this and add detection for DLLs when we become aware of programs that bundle vulnerable versions and "provide" a vector to exploit it (very often Java and AIR vulnerabilities can't be exploited, because there is no feasible vector, the same is the case for many DLLs).
There are many good arguments for implementing this feature, @OLLI_S mentioned some above.
So @Tom you should implement this feature ASAP (otherwise you force us users to expand every application to see available updates).
You already know if there is a new version available or not.
I am using VulnDetect Business for some months now.
I added most computers of my family (wife, daughter, brother, girlfriend of brother, Virtual Machine).
Soon I will add my father.
My "job" is to support them (they have no high computer skills, especially my father, my brother and this girlfriend).
So my brother and his girlfriend often call me and ask if their computer is OK (they are used that I call them and tell them to update some applications).
But they are not often online:
So here I can not warn them that there are vulnerabilities on their systems (because I have to wait until they turn their computers on.
It would be very helpful if the list of apps is updated even without a scan.
So I see available updates and existing vulnerabilities and can actively warn them.
I think this feature could be very interesting for Families where one poor admin is managing multiple computers of family members.
Here the family members can install applications themselves (the admin does not manage the PC like an admin in a company).
And family members might have turned off the PC for some days (not always turned on).
So such a list would be very very helpful.