pkg-1.19.1_1 installed pkg audit on 12.4-RELEASE-p2 system reported this security vulnerability: py39-setuptools-63.1.0 is vulnerable: py39-setuptools -- denial of service vulnerability CVE: CVE-2022-40897 WWW: https://vuxml.FreeBSD.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html so I checked what used it (I am eliminating most responses in the chain): % pkg info -dx py39-setuptools % pkg info -dx python39-3.9 % pkg info -dx readline readline-8.2.1: indexinfo-0.3.1 % pkg info -dx indexinfo-0.3.1 indexinfo-0.3.1: # No port listed suggests that nothing uses it % pkg info -dx indexinfo # Double checking that no ports are listed indexinfo-0.3.1: # Same response # So it's safe to remove: % sudo pkg delete indexinfo-0.3.1 # Which then proceeded to delete most of the ports installed on the system with no warning or ability to confirm!