English
Related papers

Related papers: JavaVFC: Java Vulnerability Fixing Commits from Op…

200 papers
A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont
VFCFinder: Seamlessly Pairing Security Advisories and Patches

Security advisories are the primary channel of communication for discovered vulnerabilities in open-source software, but they often lack crucial information. Specifically, 63% of vulnerability database reports are missing their patch links,…

Cryptography and Security · Computer Science 2023-11-06 Trevor Dunlap , Elizabeth Lin , William Enck , Bradley Reaves
Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study

Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive…

Software Engineering · Computer Science 2026-05-14 Nils Loose , Joseph Bienhüls , Kristoffer Hempel , Felix Mächtle , Thomas Eisenbarth
Mapping NVD Records to Their Vulnerability-fixing Commits: How Hard is It?

Mapping National Vulnerability Database (NVD) records to vulnerability-fixing commits (VFCs) is crucial for vulnerability analysis but challenging due to sparse explicit links in NVD references. This study explores this mapping's…

Software Engineering · Computer Science 2026-05-19 Huu Hung Nguyen , Ting Zhang , Duc Manh Tran , Yiran Cheng , Thanh Le-Cong , Hong Jin Kang , Ratnadira Widyasari , Shar Lwin Khin , Ouh Eng Lieh , David Lo
Fixseeker: An Empirical Driven Graph-based Approach for Detecting Silent Vulnerability Fixes in Open Source Software

Open source software vulnerabilities pose significant security risks to downstream applications. While vulnerability databases provide valuable information for mitigation, many security patches are released silently in new commits of OSS…

Software Engineering · Computer Science 2025-03-27 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Zhe Lang , David Lo , Shichao Lv , Dongliang Fang , Zhiqiang Shi , Limin Sun
CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to…

Software Engineering · Computer Science 2022-02-08 Guru Prasad Bhandari , Amara Naseer , Leon Moonen
JFinder: A Novel Architecture for Java Vulnerability Identification Based Quad Self-Attention and Pre-training Mechanism

Software vulnerabilities pose significant risks to computer systems, impacting our daily lives, productivity, and even our health. Identifying and addressing security vulnerabilities in a timely manner is crucial to prevent hacking and data…

Cryptography and Security · Computer Science 2023-08-01 Jin Wang , Zishan Huang , Hui Xiao , Yinhao Xiao
VFFINDER: A Graph-based Approach for Automated Silent Vulnerability-Fix Identification

The increasing reliance of software projects on third-party libraries has raised concerns about the security of these libraries due to hidden vulnerabilities. Managing these vulnerabilities is challenging due to the time gap between fixes…

Software Engineering · Computer Science 2023-09-06 Son Nguyen , Thanh Trong Vu , Hieu Dinh Vo
PatchSeeker: Mapping NVD Records to their Vulnerability-fixing Commits with LLM Generated Commits and Embeddings

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding…

Software Engineering · Computer Science 2025-09-10 Huu Hung Nguyen , Anh Tuan Nguyen , Thanh Le-Cong , Yikun Li , Han Wei Ang , Yide Yin , Frank Liauw , Shar Lwin Khin , Ouh Eng Lieh , Ting Zhang , David Lo
ICVul: A Well-labeled C/C++ Vulnerability Dataset with Comprehensive Metadata and VCCs

Machine learning-based software vulnerability detection requires high-quality datasets, which is essential for training effective models. To address challenges related to data label quality, diversity, and comprehensiveness, we constructed…

Software Engineering · Computer Science 2025-05-14 Chaomeng Lu , Tianyu Li , Toon Dehaene , Bert Lagaisse
VulCurator: A Vulnerability-Fixing Commit Detector

Open-source software (OSS) vulnerability management process is important nowadays, as the number of discovered OSS vulnerabilities is increasing over time. Monitoring vulnerability-fixing commits is a part of the standard process to prevent…

Cryptography and Security · Computer Science 2022-09-08 Truong Giang Nguyen , Thanh Le-Cong , Hong Jin Kang , Xuan-Bach D. Le , David Lo
CleanVul: Automatic Function-Level Vulnerability Detection in Code Commits Using LLM Heuristics

Accurate identification of software vulnerabilities is crucial for system integrity. Vulnerability datasets, often derived from the National Vulnerability Database (NVD) or directly from GitHub, are essential for training machine learning…

Software Engineering · Computer Science 2025-09-12 Yikun Li , Ting Zhang , Ratnadira Widyasari , Yan Naing Tun , Huu Hung Nguyen , Tan Bui , Ivana Clairine Irsan , Yiran Cheng , Xiang Lan , Han Wei Ang , Frank Liauw , Martin Weyssow , Hong Jin Kang , Eng Lieh Ouh , Lwin Khin Shar , David Lo
GitBug-Java: A Reproducible Benchmark of Recent Java Bugs

Bug-fix benchmarks are essential for evaluating methodologies in automatic program repair (APR) and fault localization (FL). However, existing benchmarks, exemplified by Defects4J, need to evolve to incorporate recent bug-fixes aligned with…

Software Engineering · Computer Science 2024-11-04 André Silva , Nuno Saavedra , Martin Monperrus
Silent Vulnerability-fixing Commit Identification Based on Graph Neural Networks

The growing dependence of software projects on external libraries has generated apprehensions regarding the security of these libraries because of concealed vulnerabilities. Handling these vulnerabilities presents difficulties due to the…

Software Engineering · Computer Science 2023-09-18 Hieu Dinh Vo , Thanh Trong Vu , Son Nguyen
DeepCVA: Automated Commit-level Vulnerability Assessment with Deep Multi-task Learning

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…

Software Engineering · Computer Science 2021-08-19 Triet H. M. Le , David Hin , Roland Croft , M. Ali Babar
Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories

The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). In this paper, we present an approach that combines heuristics…

Software Engineering · Computer Science 2025-03-18 Daan Hommersom , Antonino Sabetta , Bonaventura Coppola , Dario Di Nucci , Damian A. Tamburri
Megadiff: A Dataset of 600k Java Source Code Changes Categorized by Diff Size

This paper presents Megadiff, a dataset of source code diffs. It focuses on Java, with strict inclusion criteria based on commit message and diff size. Megadiff contains 663 029 Java diffs that can be used for research on commit…

Software Engineering · Computer Science 2021-08-11 Martin Monperrus , Matias Martinez , He Ye , Fernanda Madeiral , Thomas Durieux , Zhongxing Yu
VFArch\=e: A Dual-Mode Framework for Locating Vulnerable Functions in Open-Source Software

Software Composition Analysis (SCA) has become pivotal in addressing vulnerabilities inherent in software project dependencies. In particular, reachability analysis is increasingly used in Open-Source Software (OSS) projects to identify…

Software Engineering · Computer Science 2025-06-25 Lyuye Zhang , Jian Zhang , Kaixuan Li , Chong Wang , Chengwei Liu , Jiahui Wu , Sen Chen , Yaowen Zheng , Yang Liu
PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to…

Software Engineering · Computer Science 2024-07-25 Kaixuan Li , Jian Zhang , Sen Chen , Han Liu , Yang Liu , Yixiang Chen
Vulnerability Identification by Harnessing Inter-connected Multi-Source Information

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software.…

Software Engineering · Computer Science 2026-05-07 Liyou Chen , Hailong Sun , Xiang Gao , Lin Shi , Yixin Yang , Yi Xu
‹ Prev 1 2 3 10 Next ›