Running a recent 11.3 nightly, the only pre-2019 CVE mentioned by pkg audit is this one:
py37-yaml-3.13 is vulnerable:
py-yaml -- arbitrary code execution
Even if it's not exploitable, it being 2 years old just doesn't look good. If some newbie is evaluating FreeNAS and runs pkg audit, it would look much better to see only 2019 results.