A component is considered vulnerable when there is a known vulnerability in the version of the component in use.
For example, suppose a popular game relied on a software library that was found to contain a remote code execution vulnerability in the latest version. That version of the library would be a vulnerable component for any computer with the game installed.
Components become outdated and vulnerable over time as new vulnerabilities are discovered and new versions are released.
Keeping components up-to-date is an ongoing process and not something that is done just once.
A component is considered outdated when a more recently released stable version is available.
Examples of outdated components are things like old versions of operating systems, runtime environments, or applications.