diff --git a/docs/core/tools/dotnet-package-list.md b/docs/core/tools/dotnet-package-list.md index 61b62441818bf..e0b8839b54294 100644 --- a/docs/core/tools/dotnet-package-list.md +++ b/docs/core/tools/dotnet-package-list.md @@ -122,7 +122,7 @@ The project or solution file to operate on. If not specified, the command search - **`--vulnerable`** Lists packages that have known vulnerabilities. Cannot be combined with `--deprecated` or `--outdated` options. - Use the `` property in your configuration file to specify your source of vulnerability data, which is acquired from the [VulnerabilityInfo](/nuget/api/vulnerability-info) resource. + Available starting in **.NET SDK 9.0.300**, this option uses the `` property in your configuration file to specify your source of vulnerability data, which is acquired from the [VulnerabilityInfo](/nuget/api/vulnerability-info) resource. If `` is not specified, the specified `` are used to load vulnerability data. For more information, see [Audit sources](/nuget/concepts/auditing-packages#audit-sources) and [How to scan NuGet packages for security vulnerabilities](https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/).