The audit-packages tools provide two scripts:

(1) download-vulnerability-list, an easy way to download a list of
security vulnerabilities which have been published.  This list is kept
up to date by the NetBSD security officer.  It is held at the
well-known URL:

ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities

(2) audit-packages, an easy way to audit the current machine, checking
each vulnerability listed by the security officer.  If a vulnerable
package is installed, it will be shown by output to stdout.