Subject: Re: pkg/19103: Bug in 'download-vulnerability-list' of 'audit-packages-1.14'
To: None <olegg@ukrpack.net>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-bugs
Date: 11/19/2002 10:06:29
> -/usr/pkg/bin/wget -o ${NEW_VUL_LIST} ${VUL_SOURCE}
> +/usr/pkg/bin/wget -O ${NEW_VUL_LIST} ${VUL_SOURCE}
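
Review bot: The changed line hardcodes /usr/pkg/bin/wget, so the switch from -o to -O is only correct while that exact binary is the fetcher. Consider keeping the fetch command in a variable and choosing the output option to match it, since -o and -O mean different things from one fetch tool to another. ${NEW_VUL_LIST} and ${VUL_SOURCE} are also expanded unquoted on this line; quoting both ("${NEW_VUL_LIST}" "${VUL_SOURCE}") avoids word splitting if either value ever contains whitespace.
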
The original file has:

    ${FETCH_CMD} -o ${NEW_VUL_LIST} ${VUL_SOURCE}

This needs to be done differently, because -O doesn't work with the
default.

FETCH_CMD is usually NetBSD's ftp(1) client:

    -o output
          When auto-fetching files, save the contents in output. ...

Also, curl(1) uses:

    -o/--output <file>
          Write output to <file> instead of stdout. ...

    -O/--remote-name
          Write output to a local file named like the remote
          file we get. (Only the file part of the remote file
          is used, the path is cut off.)

With wget(1):

    -o logfile
    --output-file=logfile
          Log all messages to logfile. ...

    -O file
    --output-document=file
          The documents will not be written to the appropriate files, but
          all will be concatenated together and written to file. ...

Maybe the existing vulnerabilities can be backed up, then don't use any -o
or -O switch and just let vulnerabilities be overwritten. Then do the
checks -- and then if not successful, then replace new vulnerabilities
list with the backed up version. This will be the opposite -- and for a
moment the vulnerabilities list may be bad/corrupted. Also, maybe a temp
file, like vulnerabilities.lock, could be created, so other tools (like
audit-packages) know that the vulnerabilities file is not available at
that moment.

Another alternative is to add -O to the ftp(1) client.

Jeremy C. Reed
http://bsd.reedmedia.net/
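
The backup, lock, check and restore sequence suggested in the message above, as an added shell example that is not code from the message or from audit-packages. It keeps an explicit output option, picked per tool from the man page excerpts quoted above; the function names, the .lock/.bak suffixes and the check in check_list are assumptions.

```shell
#!/bin/sh
# Added example; function and file names here are hypothetical.

# Print the option that means "save the download to this file" for a fetcher.
output_flag() {
    case "$(basename "$1")" in
        wget)     echo "-O" ;;   # wget: -o is the log file, -O the document
        ftp|curl) echo "-o" ;;   # ftp(1) and curl(1): -o names the output
        *)        return 1 ;;    # unknown tool: refuse to guess
    esac
}

# Assumed sanity check: the list must be non-empty and not an HTML error page.
check_list() {
    [ -s "$1" ] && ! grep -qi '<html' "$1"
}

# Usage: update_vul_list FETCH_CMD URL LIST
# Returns 0 on success, 1 if the old list was restored, 2 for an unknown
# fetcher, 3 if another update holds LIST.lock.
update_vul_list() {
    fetch=$1 url=$2 list=$3
    lock="$list.lock" backup="$list.bak"
    flag=$(output_flag "$fetch") || return 2
    # noclobber makes lock creation fail if the lock file already exists
    ( set -C; : > "$lock" ) 2>/dev/null || return 3
    if [ -f "$list" ]; then cp -p "$list" "$backup"; fi
    if "$fetch" "$flag" "$list" "$url" && check_list "$list"; then
        rc=0
    else
        # put the backed-up list back, or drop a bad first download
        if [ -f "$backup" ]; then mv "$backup" "$list"; else rm -f "$list"; fi
        rc=1
    fi
    rm -f "$backup" "$lock"
    return "$rc"
}
```
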