There’s a SQL query (for use with the datawarehouse) in another post that gets you close to what you want:
And finally, to work with tags… are you trying to find all vulns on a host with a tag that matches “foo”, or are you trying to aggregate by tag? (an example of the tags you’re looking for would be helpful)