English
Related papers

Related papers: CrossCommitVuln-Bench: A Dataset of Multi-Commit P…

200 papers

Python has become the most popular programming language as it is friendly to work with for beginners. However, a recent study has found that most security issues in Python have not been indexed by CVE and may only be fixed by 'silent'…

Cryptography and Security · Computer Science 2023-07-25 Shiyu Sun , Shu Wang , Xinda Wang , Yunlong Xing , Elisa Zhang , Kun Sun

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern,…

Software Engineering · Computer Science 2025-09-05 Haowei Quan , Junjie Wang , Xinzhe Li , Terry Yue Zhuo , Xiao Chen , Xiaoning Du

Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive…

Software Engineering · Computer Science 2026-05-14 Nils Loose , Joseph Bienhüls , Kristoffer Hempel , Felix Mächtle , Thomas Eisenbarth

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring makes metadata inspection and static code analysis…

Cryptography and Security · Computer Science 2025-03-04 Sk Tanzir Mehedi , Chadni Islam , Gowri Ramachandran , Raja Jurdak

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Security patches in open-source software, providing security fixes to identified vulnerabilities, are crucial in protecting against cyberattacks. Despite the National Vulnerability Database (NVD) publishes identified vulnerabilities, a vast…

Cryptography and Security · Computer Science 2021-06-08 Yaqin Zhou , Jing Kai Siow , Chenyu Wang , Shangqing Liu , Yang Liu

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…

Software Engineering · Computer Science 2021-08-19 Triet H. M. Le , David Hin , Roland Croft , M. Ali Babar

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.…

Cryptography and Security · Computer Science 2025-09-05 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

The increasing reliance of software projects on third-party libraries has raised concerns about the security of these libraries due to hidden vulnerabilities. Managing these vulnerabilities is challenging due to the time gap between fixes…

Software Engineering · Computer Science 2023-09-06 Son Nguyen , Thanh Trong Vu , Hieu Dinh Vo

Context: Identifying potential vulnerable code is important to improve the security of our software systems. However, the manual detection of software vulnerabilities requires expert knowledge and is time-consuming, and must be supported by…

Cryptography and Security · Computer Science 2022-01-24 Laura Wartschinski , Yannic Noller , Thomas Vogel , Timo Kehrer , Lars Grunske

Automated vulnerability detection research has made substantial progress, yet its real-world impact remains limited. Prior work found that current vulnerability datasets suffer from issues including label inaccuracy rates of 20%-71%,…

Automatically locating vulnerable statements in source code is crucial to assure software security and alleviate developers' debugging efforts. This becomes even more important in today's software ecosystem, where vulnerable code can flow…

Software Engineering · Computer Science 2022-01-14 Yangruibo Ding , Sahil Suneja , Yunhui Zheng , Jim Laredo , Alessandro Morari , Gail Kaiser , Baishakhi Ray

In recent years, the growing complexity and scale of source code have rendered manual software vulnerability detection increasingly impractical. To address this challenge, automated approaches leveraging machine learning and code embeddings…

Software Engineering · Computer Science 2025-09-17 Talaya Farasat , Joachim Posegga

With the development of blockchain technology, the detection of smart contract vulnerabilities is increasingly emphasized. However, when detecting vulnerabilities in inter-contract interactions (i.e., cross-contract vulnerabilities) using…

Cryptography and Security · Computer Science 2024-08-29 Xiao Chen

Cross-Site Request Forgery (CSRF) vulnerabilities are a severe class of web vulnerabilities that have received only marginal attention from the research and security testing communities. While much effort has been spent on countermeasures…

Cryptography and Security · Computer Science 2017-08-30 Giancarlo Pellegrino , Martin Johns , Simon Koch , Michael Backes , Christian Rossow

An attacker can split a malicious goal into sub-prompts that each look benign on their own and only become harmful in combination. Existing LLM safety benchmarks evaluate prompts one at a time, or across turns of a single chat, and so do…

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto

The proliferation of software vulnerabilities poses a significant challenge for security databases and analysts tasked with their timely identification, classification, and remediation. With the National Vulnerability Database (NVD)…

Cryptography and Security · Computer Science 2024-03-05 Daniel Alfasi , Tal Shapira , Anat Bremler Barr

Version control systems are commonly used to manage open-source software, in which each commit may introduce new vulnerabilities or fix existing ones. Researchers have developed various tools for detecting vulnerabilities in code commits,…

Software Engineering · Computer Science 2025-01-08 Zhaonan Wu , Yanjie Zhao , Chen Wei , Zirui Wan , Yue Liu , Haoyu Wang
‹ Prev 1 2 3 10 Next ›