Challenge: Existing work on affected package identification is limited by large language models . a recent study shows that 84% third-party packages contain security vulnerabilities .
Approach: They propose a method to use LLM to generate the affected package . they propose supervised fine-tuning, retrieval augmented generation and a local search algorithm .
Outcome: The proposed method has an average precision of 0.806 for identifying vulnerable packages in four most popular ecosystems in GitHub Advisory.

Similar Papers

Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning (2024.findings-acl)

Copied to clipboard

Challenge: Existing CodePre-trained models struggle to generalize due to superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities.
Approach: They propose a framework that integrates multi-task learning with Large Language Models to effectively mine deep-seated vulnerability features.
Outcome: The proposed framework surpasses seven state-of-the-art models in effectiveness, generalization, and robustness.
Boosting Vulnerability Detection of LLMs via Curriculum Preference Optimization with Synthetic Reasoning Data (2025.findings-acl)

Copied to clipboard

Challenge: Large language models (LLMs) are capable of detecting software vulnerabilities, but lack of reasoning data hinders their ability to capture underlying vulnerability patterns.
Approach: They propose a framework that excels at mining vulnerability patterns through reasoning data synthesizing and vulnerability-specific preference optimization.
Outcome: The proposed framework improves on SVEN and PrimeVul datasets and improves 12.24%-22.77% accuracy.
RealVul: Can We Detect Vulnerabilities in Web Applications with LLM? (2024.emnlp-main)

Copied to clipboard

Challenge: a lack of research specifically focused on vulnerabilities in the PHP language hinders the model’s ability to effectively capture the characteristics of specific vulnerabilities.
Approach: They propose a framework that can isolate potential vulnerability triggers while streamlining code and eliminating unnecessary semantic information.
Outcome: The proposed framework can isolate potential vulnerability triggers while streamlining the code and eliminating unnecessary semantic information.
Benchmarking LLMs and LLM-based Agents in Practical Vulnerability Detection for Code Repositories (2025.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have shown promise in software vulnerability detection, especially on function-level benchmarks like Devign and BigVul.
Approach: They propose a JIT vulnerability detection benchmark linking each function to its vulnerability-introducing and fixing commits.
Outcome: The proposed JIT vulnerability detection benchmark enables comprehensive evaluation of detection capabilities.
SafeRAG: Benchmarking Security in Retrieval-Augmented Generation of Large Language Model (2025.acl-long)

Copied to clipboard

Challenge: Existing approaches to integrating external knowledge into large language models (LLMs) however, the incorporation of external knowledge increases the vulnerability of LLMs .
Approach: They propose a benchmark to evaluate the RAG security using a dataset . they classify attack tasks into silver noise, inter-context conflict, soft ad, and white Denial-of-Service .
Outcome: The proposed benchmark evaluates the security of RAG against 14 representative RAG components.
DVAGen: Dynamic Vocabulary Augmented Generation (2025.emnlp-demos)

Copied to clipboard

Challenge: Existing dynamic vocabulary approaches struggle to generalize to novel or out-of-vocabulary words, limiting their flexibility in handling diverse token combinations.
Approach: They propose an open-source framework for training, evaluation, and visualization of dynamic vocabulary-augmented language models.
Outcome: The proposed framework validates the effectiveness of dynamic vocabulary-augmented language models on modern LLMs and shows support for batch inference significantly improving inference throughput.
AutoDetect: Towards a Unified Framework for Automated Weakness Detection in Large Language Models (2024.findings-emnlp)

Copied to clipboard

Challenge: Large Language Models (LLMs) exhibit significant but subtle weaknesses, such as mistakes in instruction-following or coding tasks.
Approach: They propose a framework to automatically expose weaknesses in Large Language Models (LLMs) they use three LLM-powered agents to perform comprehensive weakness identification .
Outcome: The proposed framework shows that it is more effective than untargeted data augmentation methods like Self-Instruct to identify weaknesses in LLMs.
Beyond Static Rules: Automated Discovery of Latent Vulnerabilities in Text-to-SQL (2026.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have been successful in Text-to-SQL tasks, but their deployment in real-world environments is hindered by latent reliability issues.
Approach: They propose a framework to autonomously uncover latent failure patterns in LLM-based Text-to-SQL generation.
Outcome: The proposed framework uncovers a substantial number of failure cases on state-of-the-art open-source LLMs.
CLeVeR: Multi-modal Contrastive Learning for Vulnerability Code Representation (2025.findings-acl)

Copied to clipboard

Challenge: Existing methods for detecting code capture the overall semantics of the code rather than its intrinsic vulnerability-specific semantics.
Approach: They propose an approach that leverages contrastive learning to generate precise vulnerability code representations under the supervision of vulnerability descriptions.
Outcome: The proposed approach outperforms state-of-the-art methods in vulnerability detection tasks by 11.85% and 13.61%.
Vulnerabilities of Large Language Models to Adversarial Attacks (2024.acl-tutorials)

Copied to clipboard

Challenge: This tutorial focuses on the vulnerabilities of Large Language Models to adversarial attacks . the tutorial lays the foundation by explaining safety-aligned models and concepts in cybersecurity .
Approach: This tutorial lays the foundation by explaining safety-aligned LLMs and concepts in cybersecurity.
Outcome: The tutorial lays the foundation by explaining safety-aligned models and concepts in cybersecurity.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations