$ man pkg_version

NAME
pkg_version -- summarize installed versions of packages
(output ommited)

The pkg_version command is used to produce a report of non-base software
packages installed using the pkg_add(1) command.

Each package's version number is checked against one of two sources to
see if that package may require updating. If the package contains infor-
mation about its origin in the FreeBSD ports tree, and a version number
can be determined from the port's Makefile, then the version number from
the Makefile will be used to determine whether the installed package is
up-to-date or requires updating.
(output ommited)
-v Enable verbose output. Verbose output includes some English-text
interpretations of the version number comparisons, as well as the
version numbers compared for each package. Non-verbose output is
probably easier for programs or scripts to parse.

$ man portaudit

NAME
portaudit -- system to check installed packages for known vulnerabilities

DESCRIPTION
portaudit checks installed packages for known vulnerabilities and gener-
ates reports including references to security advisories. Its intended
audience is system administrators and individual users.

portaudit uses a database maintained by port committers and the FreeBSD
security team to check if security advisories for any installed packages
exist. Note that a current ports tree (or any local copy of the ports
tree) is not required for operation.

This package also installs a script into /usr/local/etc/periodic/security
that regularly updates this database and includes a report of vulnerable
packages in the daily security report.

-a Print a vulnerability report for all installed packages.

$!/bin/sh

portaudit=/usr/local/sbin/portaudit
pkg_version=/usr/sbin/pkg_version

for i in $(${portaudit} -a|grep Affected|awk '{print $NF}')
do
${pkg_version} -v | grep $i
done