Sort:
Open Access Erratum Issue
Erratum to “VPLocator: Vulnerability Patch Localization Model Based on LLM”
Tsinghua Science and Technology 2026, 31(4): 2322
Published: 19 November 2025
PDF (42.3 KB) Collect
Downloads:41
Open Access Research Article Issue
VPLocator: Vulnerability Patch Localization Model Based on LLM
Tsinghua Science and Technology 2026, 31(2): 809-822
Published: 21 October 2025
Abstract PDF (1.3 MB) Collect
Downloads:152

The reuse of third-party open source software (OSS) has become increasingly common, leading to the inadvertent introduction of external vulnerabilities and subsequent security issues. While security patches play a crucial role in software security, the lack of vulnerability patch datasets poses a challenge. In this paper, we introduce VPLocator, an automated approach matching vulnerabilities with commit patches based on large language model (LLM). VPLocator utilizes BERT to extract deep semantic interactive relation between vulnerability description and commit message, and integrates these features with manually selected and extracted features. By training a prediction model based on a multilayer perceptron (MLP), primary VPLocator achieves an average recall rate of 98.2%. Furthermore, advanced VPLocator employs ChatGPT to analyze difference between the code before and after commit modification. By incorporating semantic features from the descriptive understanding text analyzed by ChatGPT, VPLocator enhances precision from 47.7% to 78.7%.

Total 2