The reuse of third-party open source software (OSS) has become increasingly common, leading to the inadvertent introduction of external vulnerabilities and subsequent security issues. While security patches play a crucial role in software security, the lack of vulnerability patch datasets poses a challenge. In this paper, we introduce VPLocator, an automated approach matching vulnerabilities with commit patches based on large language model (LLM). VPLocator utilizes BERT to extract deep semantic interactive relation between vulnerability description and commit message, and integrates these features with manually selected and extracted features. By training a prediction model based on a multilayer perceptron (MLP), primary VPLocator achieves an average recall rate of 98.2%. Furthermore, advanced VPLocator employs ChatGPT to analyze difference between the code before and after commit modification. By incorporating semantic features from the descriptive understanding text analyzed by ChatGPT, VPLocator enhances precision from 47.7% to 78.7%.
Publications
- Article type
- Year
- Co-author
Article type
Year
Open Access
Erratum
Issue
Tsinghua Science and Technology 2026, 31(4): 2322
Published: 19 November 2025
Downloads:40
Open Access
Research Article
Issue
Tsinghua Science and Technology 2026, 31(2): 809-822
Published: 21 October 2025
Downloads:151
Total 2
京公网安备11010802044758号