diff --git a/security/vuxml/Makefile b/security/vuxml/Makefile
index 11132d8c65d5..1c5016141eb3 100644
--- a/security/vuxml/Makefile
+++ b/security/vuxml/Makefile
@@ -1,106 +1,107 @@
 PORTNAME=	vuxml
 PORTVERSION=	1.1
 PORTREVISION=	6
 CATEGORIES=	security textproc
 MASTER_SITES=	http://www.vuxml.org/dtd/vuxml-1/
 DISTFILES=	vuxml-10.dtd  vuxml-model-10.mod \
 		vuxml-11.dtd  vuxml-model-11.mod \
 		xml1.dcl catalog catalog.xml
 DIST_SUBDIR=	vuxml
 
 MAINTAINER=	ports-secteam@FreeBSD.org
 COMMENT=	Vulnerability and eXposure Markup Language DTD
+WWW=		https://vuxml.freebsd.org/
 
 LICENSE=	BSD2CLAUSE
 
 RUN_DEPENDS=	xmlcatmgr:textproc/xmlcatmgr \
 		xsltproc:textproc/libxslt \
 		${LOCALBASE}/share/xml/dtd/xhtml-modularization/VERSION:textproc/xhtml-modularization \
 		${LOCALBASE}/share/xml/dtd/xhtml-basic/xhtml-basic10.dtd:textproc/xhtml-basic
 
 USES=		python:run
 
 NO_MTREE=	yes
 NO_ARCH=	yes
 NO_BUILD=	yes
 WRKSRC=		${WRKDIR}
 
 dir_DTD=	share/xml/dtd/vuxml
 
 .include <bsd.port.pre.mk>
 
 VUXML_FILE?=	${PKGDIR}/vuln.xml
 VUXML_FLAT_FILE?=	${PKGDIR}/vuln-flat.xml
 _YEAR!=	date +%Y
 VUXML_CURRENT_FILE?=	${PKGDIR}/vuln/${_YEAR}.xml
 
 post-clean:
 	@${RM} "${VUXML_FILE}.tidy"
 	@${RM} "${VUXML_FLAT_FILE}"
 
 do-extract:
 	@${RM} -r ${WRKDIR}
 	@${MKDIR} ${WRKDIR}
 .for f in ${DISTFILES}
 	${CP} ${_DISTDIR}/${f} ${WRKDIR}/${f}
 .endfor
 
 do-install:
 	@${MKDIR} ${STAGEDIR}${PREFIX}/${dir_DTD}
 .for f in ${DISTFILES}
 	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${PREFIX}/${dir_DTD}/${f}
 .endfor
 
 do-test:
 	@${MKDIR} ${WRKDIR}/test
 	@${CP} -R ${.CURDIR}/vuln.xml ${.CURDIR}/vuln ${WRKDIR}/test
 	@cd ${.CURDIR} && make validate PKGDIR=${WRKDIR}/test
 
 ${VUXML_FLAT_FILE}: ${VUXML_FILE} vuln/*.xml
 	xmllint -noent ${.ALLSRC:[1]} > ${.TARGET}
 
 validate: tidy
 	@${SH} ${FILESDIR}/validate.sh "${VUXML_FLAT_FILE}"
 	@${ECHO_MSG} Checking if tidy differs...
 	@if ${DIFF} -u "${VUXML_FLAT_FILE}" "${VUXML_FILE}.tidy"; \
 	then \
 		${ECHO_MSG} ... seems okay; \
 		${RM} "${VUXML_FILE}.tidy"; \
 	else \
 		return 1; \
 	fi
 	@${ECHO_MSG} Checking for space/tab...
 	@unexpand "${VUXML_FLAT_FILE}" | ${SED} -E 's,[[:space:]]*$$,,g' > "${VUXML_FILE}.unexpanded"
 	@if ${DIFF} -u "${VUXML_FLAT_FILE}" "${VUXML_FILE}.unexpanded"; \
 	then \
 		${ECHO_MSG} ... seems okay; \
 		${RM} "${VUXML_FILE}.unexpanded"; \
 	else \
 		${ECHO_MSG} ... see above; \
 		${ECHO_CMD} Consider using ${VUXML_FILE}.unexpanded for final commit; \
 		return 1; \
 	fi
 	${PYTHON_CMD} ${FILESDIR}/extra-validation.py ${VUXML_FLAT_FILE}
 
 tidy: ${VUXML_FLAT_FILE}
 	@if [ ! -e ${LOCALBASE}/share/xml/dtd/vuxml/catalog.xml ]; \
 	then \
 		echo "Please install the VuXML port prior to running make validate/tidy."; \
 		exit 1; \
 	fi
 	${SH} ${FILESDIR}/tidy.sh "${FILESDIR}/tidy.xsl" "${VUXML_FLAT_FILE}" > "${VUXML_FILE}.tidy"
 
 newentry:
 	@${SH} ${FILESDIR}/newentry.sh "${VUXML_CURRENT_FILE}"
 
 .if defined(VID) && !empty(VID)
 html: work/${VID}.html
 work/${VID}.html: ${FILESDIR}/html.xsl ${FILESDIR}/common.css ${VUXML_FILE}
 	${MKDIR} work
 	xsltproc --stringparam vid "${VID}" \
 	    --output ${.TARGET} \
 	    ${FILESDIR}/html.xsl ${VUXML_FILE}
 	${INSTALL_DATA} ${FILESDIR}/common.css work
 .endif
 
 .include <bsd.port.post.mk>
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 794ada3ebc27..8b880c07b232 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,32 +1,61 @@
+  <vuln vid="5b2eac07-8b4d-11ed-8b23-a0f3c100ae18">
+    <topic>rxvt-unicode is vulnerable to a remote code execution</topic>
+    <affects>
+      <package>
+	<name>rxvt-unicode</name>
+	<range><lt>9.31</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Marc Lehmann reports:</p>
+	<blockquote cite="http://lists.schmorp.de/pipermail/rxvt-unicode/2023q1/002638.html">
+	  <p>The biggest issue is resolving CVE-2022-4170, which allows command
+	     execution inside urxvt from within the terminal (that means anything that
+	     can output text in the terminal can start commands in the context of the
+	     urxvt process, even remotely).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-4170</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-4170</url>
+    </references>
+    <dates>
+      <discovery>2022-12-05</discovery>
+      <entry>2023-01-03</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="86c330fe-bbae-4ca7-85f7-5321e627a4eb">
     <topic>gitea -- multiple issues</topic>
     <affects>
       <package>
 	<name>gitea</name>
 	<range><lt>1.18.0</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>The Gitea team reports:</p>
 	<blockquote cite="https://github.com/go-gitea/gitea/pull/22219">
 	  <p>Remove ReverseProxy authentication from the API</p>
 	</blockquote>
 	<blockquote cite="https://github.com/go-gitea/gitea/pull/21139">
 	  <p>Support Go Vulnerability Management</p>
 	</blockquote>
 	<blockquote cite="https://github.com/go-gitea/gitea/pull/20935">
 	  <p>Forbid HTML string tooltips</p>
 	</blockquote>
       </body>
     </description>
     <references>
       <url>https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/</url>
       <url>https://github.com/go-gitea/gitea/releases/tag/v1.18.0</url>
     </references>
     <dates>
       <discovery>2022-08-23</discovery>
       <entry>2023-01-02</entry>
     </dates>
   </vuln>