Audit: Pkg: openvpn vulnerable -> why?

[unclesam87]

hey,
not quite sure if it is an bug or an feature:
i get for my freshly updated opnsense 24.7.12 an audit warn with the following content: Pkg: openvpn vulnerable

Any ideas why? and what does the audit check really checks?
thanks everybody!

[schwarzsascha]

DESCRIPTION

   pkg audit checks	installed packages for known vulnerabilities and  gen-
   erates  reports	including  references to security advisories.  Its in-
   tended audience is system administrators	and individual users.

   pkg audit uses a	database maintained by port committers and the FreeBSD
   security	team to	check if security advisories for any  installed	 pack-
   ages  exist.   Note that	a current ports	tree (or any local copy	of the
   ports tree) is not required for operation.

   The URL that is used to fetch the database can be  overridden  via  the
   VULNXML_SITE config variable.  See [pkg.conf(5)](https://man.freebsd.org/cgi/man.cgi?query=pkg.conf&sektion=5&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports) for more information.

   If  you	have a vulnerable package installed, you are advised to	update
   or deinstall it immediately.

   Supplying a pkg-name will audit only that package.

https://man.freebsd.org/cgi/man.cgi?pkg-audit(8)