This has been talked about many times over the past few months, but I wanted to mention some specific packages that are available only through Ubuntu Pro, despite being high/critical security vulnerabilities.
graphviz, libcdt, libcaraph6, libgvc6, libavpr2, liblab-aamut1, libpathplan4 (and more) - https://vulners.com/ubuntu/USN-5971-1
libeditorconfig0 - https://vulners.com/ubuntu/USN-5842-1
libavcodec58, libavcodec58-dev, libavdevice-dev, libavformat58, libavformat-dev, libavutil56, libavutil-dev, libpostproc55, libswresample3, libswscale5 (and more) - https://vulners.com/ubuntu/USN-5958-1
exo-utils, libexo, libexo-common - https://vulners.com/ubuntu/USN-6008-1
tigervnc-common, tigervnc-xorg-extension - https://vulners.com/ubuntu/USN-5965-1
cloud-init - https://vulners.com/ubuntu/USN-6042-1
python3-ipython - https://vulners.com/ubuntu/USN-5953-1
All of these have been discovered and patched since the rollout of Ubuntu Pro, but the packages to update them all exist only in ESM, even though they affect Ubuntu 20.04 LTS and 22.04 LTS.
This new policy essentially kills Ubuntu in our organization. If anyone has any suggestion for an enterprise-level solution, not a free account limited to 5 computers, and without spending lots of money (because that's why we started with Ubuntu in the first place), please comment below. (No, I don't count building from the source, that's not sustainable for any organization with more than 20 systems.)
EDIT: To be very clear, 6 months ago, Nessus scans (which are NOT run or influenced by me) turned up no outstanding vulnerabilities. Now that Ubuntu Pro exists and provides an update through a "supported" repository, Nessus scans turn up outstanding vulnerabilities. THAT is why the existence of Ubuntu Pro kills Ubuntu in my organization.
