osv.dev
SEMVER version advisories appearing for ecosystems with non-semver versions
Describe the bug
https://osv.dev/vulnerability/MAL-2023-8369 is an example of a SEMVER-typed affected version range in the PyPI ecosystem, whose versions are not SemVer versions.

To Reproduce
Query the telethon2 package with any version: the advisory is not returned.

Expected behaviour
The advisory is returned.

Additional context
For malicious packages specifically, they generally get removed from the repositories, so we can't enumerate versions. We need some sort of wildcard version that matches all versions, for non-semver ecosystems.
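The matching failure described above, as an added example that is not osv.dev's own code: a constructed advisory (placeholder id, not the real MAL-2023-8369 contents) carries a SEMVER range "introduced 0" with no fixed event, and a toy matcher shows that PEP 440 versions such as "1.0" or "1.30.3.post1" cannot be parsed as strict SemVer, so the advisory is never returned. A hypothetical wildcard rule (an introduced-at-0 range with no upper bound matches every version without parsing) is shown as one way the report's proposal could behave.

```python
import re

# Constructed advisory in the shape of an OSV record; the id and events are
# placeholders, not the contents of the real MAL-2023-8369 entry.
ADVISORY = {
    "id": "MAL-EXAMPLE-0001",
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "telethon2"},
        "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}],
    }],
}

# Strict SemVer 2.0: MAJOR.MINOR.PATCH with optional pre-release/build parts.
SEMVER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

def parse_semver(v):
    """Return (major, minor, patch) or None when v is not a SemVer string."""
    m = SEMVER_RE.match(v)
    return tuple(int(x) for x in m.groups()) if m else None

def is_wildcard_range(rng):
    """Hypothetical rule: introduced at "0" and never fixed covers all versions."""
    evs = rng["events"]
    return (any(e.get("introduced") == "0" for e in evs)
            and not any("fixed" in e or "last_affected" in e for e in evs))

def version_in_range(version, rng, allow_wildcard):
    if allow_wildcard and is_wildcard_range(rng):
        return True  # no need to parse the queried version at all
    if rng["type"] != "SEMVER":
        raise NotImplementedError("only SEMVER ranges are modelled here")
    v = parse_semver(version)
    if v is None:
        return False  # PyPI version is not SemVer: comparison impossible, no match
    affected = False  # assumes events are listed in ascending order
    for e in rng["events"]:
        if "introduced" in e:
            intro = (0, 0, 0) if e["introduced"] == "0" else parse_semver(e["introduced"])
            affected = affected or v >= intro
        if "fixed" in e and v >= parse_semver(e["fixed"]):
            affected = False
        if "last_affected" in e and v > parse_semver(e["last_affected"]):
            affected = False
    return affected

def query(name, ecosystem, version, allow_wildcard=False):
    """Return ids of advisories whose ranges match the given package version."""
    hits = []
    for aff in ADVISORY["affected"]:
        pkg = aff["package"]
        if pkg["name"] == name and pkg["ecosystem"] == ecosystem and any(
                version_in_range(version, r, allow_wildcard) for r in aff["ranges"]):
            hits.append(ADVISORY["id"])
    return hits
```

With strict SemVer matching, only a three-part version such as "1.0.0" returns the advisory; with the wildcard rule every queried version does.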