
arxiv: 2604.24822 · v1 · submitted 2026-04-27 · 💻 cs.SE · cs.LG


A systematic literature Review for Transformer-based Software Vulnerability detection


Pith reviewed 2026-05-08 02:53 UTC · model grok-4.3

classification 💻 cs.SE cs.LG
keywords transformer models · software vulnerability detection · systematic literature review · deep learning for code · vulnerability analysis · encoder decoder architectures · smart contract security · data imbalance

The pith

A review of 80 studies maps how transformer models detect software vulnerabilities and highlights recurring technical gaps.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper conducts a systematic literature review of research from 2021 to 2025 that applies transformer architectures to identify vulnerabilities in code. It organizes the work by model type, data sources, programming languages, and evaluation practices while noting persistent difficulties such as unbalanced datasets and limited ability to explain predictions. A reader would care because software vulnerabilities affect critical systems in finance, health, and government, and transformers are currently the leading approach for automated detection. The review aims to give researchers a single reference point for choosing baselines and spotting open problems rather than leaving each new study to start from scratch.

Core claim

By following Kitchenham guidelines, the authors examined 80 studies and grouped transformer models into encoder-only, decoder-only, and combined encoder-decoder architectures. They catalogued the datasets and code types used, the most common pre-trained models and fine-tuning setups, the vulnerability categories targeted, and the metrics applied. The synthesis shows that most work relies on source code or smart-contract data, that encoder architectures dominate, and that four issues repeatedly surface: class imbalance in training data, lack of interpretability for the model's decisions, poor scaling to large codebases, and weak generalization when the model encounters a different programming

What carries the argument

The systematic classification of transformer architectures into encoder, decoder, and combined types, applied to source code, logs, and smart contracts, which structures the comparison of trends, benchmarks, and open challenges across the 80 studies.

If this is right

  • Future studies can adopt the most frequently used benchmarks and reference models identified in the review to enable direct comparison.
  • Researchers should prioritize techniques that mitigate data imbalance and improve cross-language generalization.
  • New work should incorporate interpretability methods so that vulnerability predictions can be explained to developers.
  • Scalability experiments on larger codebases are needed before deployment in production environments.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Security teams could use the consolidated list of common baselines to evaluate commercial tools more consistently.
  • The emphasis on smart-contract data suggests the review's findings may transfer most readily to blockchain security research.
  • A natural next step would be to test whether the identified challenges also appear in non-transformer deep-learning approaches to the same problem.
  • Standardized reporting of dataset statistics and metric choices across papers would make future reviews more reliable.

Load-bearing premise

The 80 chosen papers fully represent all relevant work on the topic and the authors' groupings of architectures, datasets, and challenges contain no selection or interpretation bias.

What would settle it

An independent search that locates substantially more or fewer than 80 qualifying studies between 2021 and 2025, or a re-analysis that places the same papers into different architecture or challenge categories with different frequency counts.

Figures

Figures reproduced from arXiv: 2604.24822 by Alexios Mylonas, Fiza Naseer, Ishaya Gambo, Javed Ali Khan, Muhammad Yaqoob.

Figure 1. SLR methodology stages following the Kitchenham guidelines [48]

Figure 2. Overall workflow of our systematic survey. … after reviewing their abstracts, which did not align with the objectives of the proposed study. We searched IEEE Xplore using the keywords "Software vulnerability detection using transformers" because they yielded the most relevant results compared to the main search query. We found 87 papers in total. Of these, we selected 36 papers for the proposed SLR and exclu…

Figure 3. Number of Publications per Year. … illustrates the number of research articles published during the period of 2021 to 2025. It shows an increasing trend of transformer-based approaches for software vulnerability detection, with the highest number of papers published in 2025. It highlights the importance of a detailed SLR on transformer-based approaches to software vulnerability detection by identifying the k…

Figure 4. Granularity Level

Figure 5. Popular Baselines
read the original abstract

Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic software vulnerability identification due to their robust contextual modelling and representation learning capabilities. Objectives: While numerous systematic literature reviews (SLRs) have examined machine learning and deep learning methods for identifying vulnerabilities, a more transformer-centric analysis remains to be explored. This SLR critically analysed 80 studies published between 2021 and 2025 that utilised transformer models to identify software vulnerabilities. Methods: Using Kitchenhams SLR guidelines, we methodically evaluate current research from various perspectives, encompassing study trends, datasets and sources, programming languages, transformer frameworks, detection detail levels, assessment metrics, reference models, types of vulnerabilities, and experimental configurations. Results: We classify transformer models into encoder, decoder, and combined architectures and analyse both pre-trained and fine-tuned versions utilized on source code, logs, and smart contracts. The results emphasise prevailing research trends, frequently utilised benchmarks, and main baselines. It also uncovers crucial technical issues like data imbalance, interpretability, scalability, and generalization across programming languages. Conclusion: By integrating current evidence and recognising unaddressed research areas, this SLR provides a consolidated resource for researchers and professionals seeking to develop more reliable, precise, and interpretable transformer-based vulnerability identification systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. This paper presents a systematic literature review (SLR) of transformer-based models for software vulnerability detection. Following Kitchenham's guidelines, it analyzes 80 studies published 2021-2025 across dimensions including study trends, datasets, programming languages, transformer architectures (encoder/decoder/combined, pre-trained vs. fine-tuned), detection levels, metrics, baselines, vulnerability types, and experimental setups. It classifies models, highlights benchmarks, and identifies challenges such as data imbalance, interpretability, scalability, and cross-language generalization, concluding with research gaps.

Significance. If the underlying selection and classification process proves reproducible and unbiased, the review would offer a timely consolidation of recent transformer applications in vulnerability detection, useful for identifying prevalent benchmarks, baselines, and open technical issues. No machine-checked proofs or parameter-free derivations are present; the value rests entirely on the completeness and transparency of the literature synthesis.

major comments (1)
  1. [Methods] Methods section: The claim of following Kitchenham's SLR guidelines is not supported by the required reporting elements. No Boolean search strings, database list with execution dates, PRISMA flow diagram with exact counts at each stage, detailed inclusion/exclusion criteria, quality assessment protocol, or inter-rater reliability measures (e.g., Cohen's kappa) are provided. This directly undermines verification that the 80 studies form a complete, unbiased sample and that classifications of architectures, datasets, and challenges are free from selection or interpretation bias.
minor comments (2)
  1. [Abstract] Abstract: 'Kitchenhams SLR guidelines' should read 'Kitchenham's SLR guidelines'.
  2. [Abstract] Abstract: The range '2021 and 2025' includes a future year; clarify the actual search cutoff date.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive feedback on our systematic literature review. We address the major comment regarding the methods section below and will revise the manuscript to improve transparency and reproducibility.

read point-by-point responses
  1. Referee: [Methods] Methods section: The claim of following Kitchenham's SLR guidelines is not supported by the required reporting elements. No Boolean search strings, database list with execution dates, PRISMA flow diagram with exact counts at each stage, detailed inclusion/exclusion criteria, quality assessment protocol, or inter-rater reliability measures (e.g., Cohen's kappa) are provided. This directly undermines verification that the 80 studies form a complete, unbiased sample and that classifications of architectures, datasets, and challenges are free from selection or interpretation bias.

    Authors: We acknowledge that the current version of the manuscript does not provide the full set of reporting elements required to substantiate adherence to Kitchenham's SLR guidelines. While the methods overview states that Kitchenham's guidelines were followed and describes the overall process at a high level, specific details such as Boolean search strings, database execution dates, a PRISMA flow diagram, explicit inclusion/exclusion criteria, quality assessment protocol, and inter-rater reliability measures (e.g., Cohen's kappa) are indeed absent. This limits independent verification of completeness and bias. In the revised manuscript, we will expand the Methods section with a dedicated subsection that includes: (1) the complete Boolean search strings for each database, (2) the list of databases with exact search execution dates, (3) a PRISMA flow diagram showing exact counts at each screening stage, (4) detailed inclusion and exclusion criteria, (5) the quality assessment protocol and scoring, and (6) inter-rater reliability statistics. These additions will directly support the claim of following the guidelines and allow readers to assess the sample and classifications. We maintain that the 80 studies were selected systematically, but agree that greater detail is essential for full transparency. revision: yes

Circularity Check

0 steps flagged

No circularity in this systematic literature review

full rationale

This paper is a systematic literature review that synthesizes findings from 80 existing studies on transformer-based vulnerability detection using Kitchenham guidelines. It contains no derivations, equations, predictions, fitted parameters, or first-principles results. The central claims consist of classifications of architectures, datasets, trends, and challenges drawn from the reviewed literature, with no steps that reduce by construction to the paper's own inputs or self-citations. The work is self-contained as an external synthesis and exhibits no load-bearing circular patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The review rests on the assumption that Kitchenham's SLR methodology is suitable and that the selected papers adequately cover the transformer-based vulnerability detection literature.

axioms (1)
  • domain assumption Kitchenham's guidelines provide an appropriate and unbiased framework for reviewing software engineering literature on AI methods.
    Explicitly stated in the methods section of the abstract.

pith-pipeline@v0.9.0 · 5561 in / 1179 out tokens · 46538 ms · 2026-05-08T02:53:43.636212+00:00 · methodology


Reference graph

Works this paper leans on

114 extracted references · 3 canonical work pages · 1 internal anchor

  1. [1]

    Future Internet 14, 118

    Alaoui,R.L.,Nfaoui,E.H.,2022.Deeplearningforvulnerabilityand attackdetectiononwebapplications:Asystematicliteraturereview. Future Internet 14, 118

  2. [2]

    Deep learning-based improved transformer modelonandroidmalwaredetectionandclassificationininternetof vehicles

    Almakayeel, N., 2024. Deep learning-based improved transformer modelonandroidmalwaredetectionandclassificationininternetof vehicles. Scientific Reports 14, 25175

  3. [3]

    Low level source code vulnerability detection using advanced bert language model., in: Canadian AI

    Alqarni, M., Azim, A., 2022. Low level source code vulnerability detection using advanced bert language model., in: Canadian AI

  4. [4]

    C3- vulmap: A dataset for privacy-aware vulnerability detection in healthcare systems

    Ameh, J.E., Otebolaku, A., Shenfield, A., Ikpehai, A., 2025. C3- vulmap: A dataset for privacy-aware vulnerability detection in healthcare systems. Electronics 14, 2703

  5. [5]

    Db- cbil: A distilbert-based transformer hybrid model using cnn and bilstm for software vulnerability detection

    Bahaa, A., Kamal, A.E.R., Fahmy, H., Ghoneim, A.S., 2024. Db- cbil: A distilbert-based transformer hybrid model using cnn and bilstm for software vulnerability detection. IEEE Access

  6. [6]

    A systematic literature review on softwarevulnerabilitypredictionmodels

    Bassi, D., Singh, H., 2023. A systematic literature review on softwarevulnerabilitypredictionmodels. IEEEAccess11,110289– 110311

  7. [7]

    Bui, V.C., Do, X.C., 2023. Detecting software vulnerabilities based on source code analysis using gcn transformer, in: 2023 RIVF International Conference on Computing and Communication Technologies (RIVF), IEEE. pp. 112–117

  8. [8]

    Multi-source cross-domain vulnerability detection based on code pre-trained model

    Cao, Y., Dong, Y., 2025. Multi-source cross-domain vulnerability detection based on code pre-trained model. Information and Soft- ware Technology , 107764

  9. [9]

    Vulnerability detection based on transformer and high-quality number embedding

    Cao, Y., Dong, Y., Peng, J., 2024. Vulnerability detection based on transformer and high-quality number embedding. Concurrency and Computation: Practice and Experience 36, e8292

  10. [10]

    Transformer- based vulnerability detection in code at edittime: Zero-shot, few- shot, or fine-tuning? arXiv preprint arXiv:2306.01754

    Chan,A.,Kharkar,A.,Moghaddam,R.Z.,Mohylevskyy,Y.,Helyar, A.,Kamal,E.,Elkamhawy,M.,Sundaresan,N.,2023. Transformer- based vulnerability detection in code at edittime: Zero-shot, few- shot, or fine-tuning? arXiv preprint arXiv:2306.01754 . Naseer et al.:Preprint submitted to ElsevierPage 24 of 27 SLR for transformer-based Software Vulnerability detection

  11. [11]

    Hlt: A hierarchical vulnerability detection model based on transformer, in: 2022 4th International Conference on Data Intelligence and Security (ICDIS), IEEE

    Chen, Y., Liu, Z., 2022. Hlt: A hierarchical vulnerability detection model based on transformer, in: 2022 4th International Conference on Data Intelligence and Security (ICDIS), IEEE. pp. 50–54

  12. [12]

    Machine learning methods for softwarevulnerabilitydetection,in:ProceedingsofthefourthACM internationalworkshoponsecurityandprivacyanalytics,pp.31–39

    Chernis, B., Verma, R., 2018. Machine learning methods for softwarevulnerabilitydetection,in:ProceedingsofthefourthACM internationalworkshoponsecurityandprivacyanalytics,pp.31–39

  13. [13]

    Data preparation for soft- ware vulnerability prediction: A systematic literature review

    Croft, R., Xie, Y., Babar, M.A., 2022. Data preparation for soft- ware vulnerability prediction: A systematic literature review. IEEE Transactions on Software Engineering 49, 1044–1063

  14. [14]

    Cui, H., Zhang, C., Cai, F., 2025. Vulgtda: A software vulnerability detection method via graph transformer and domain adaptation, in: 20255thInternationalConferenceonNeuralNetworks,Information and Communication Engineering (NNICE), IEEE. pp. 1053–1056

  15. [15]

    Multivd: A transformer-based multitask approach for software vulnerability detection, in: Proceedings of the 21st International Conference on Security and Cryptography, pp

    Curto, C., Giordano, D., Palazzo, S., Indelicato, D., 2024. Multivd: A transformer-based multitask approach for software vulnerability detection, in: Proceedings of the 21st International Conference on Security and Cryptography, pp. 416–423

  16. [16]

    Cwevulnerabilities

    CWE,. Cwevulnerabilities. https://cwe.mitre.org/. Accessed:2025- 11-18

  17. [17]

    Devlin, J., Chang, M.W., Lee, K., Toutanova, K., 2019. Bert: Pre-training of deep bidirectional transformers for language un- derstanding, in: Proceedings of the 2019 conference of the North American chapter of the association for computational linguistics: humanlanguagetechnologies,volume1(longandshortpapers),pp. 4171–4186

  18. [18]

    Automated Software Engineering 31, 40

    Do,C.X.,Luu,N.T.,Nguyen,P.T.L.,2024.Optimizingsoftwarevul- nerabilitydetectionusingrobertaandmachinelearning. Automated Software Engineering 31, 40

  19. [19]

    Anovelapproachfor software vulnerability detection based on ensemble learning model

    DoXuan,C.,Quang,D.B.,Quang,V.D.,2026. Anovelapproachfor software vulnerability detection based on ensemble learning model. Computers and Electrical Engineering 130, 110848

  20. [20]

    Asystematicliteraturereviewofsoftware vulnerability detection

    Eberendu, A.C., Udegbe, V.I., Ezennorom, E.O., Ibegbulam, A.C., Chinebu,T.I.,etal.,2022. Asystematicliteraturereviewofsoftware vulnerability detection. European Journal of Computer Science and Information Technology 10, 23–37

  21. [21]

    Python source code vulnerability detection with named entity recognition

    Ehrenberg, M., Sarkani, S., Mazzuchi, T.A., 2024. Python source code vulnerability detection with named entity recognition. Com- puters & Security 140, 103802

  22. [22]

    CodeBERT: A Pre-Trained Model for Programming and Natural Languages

    Feng,Z.,2020. Codebert:Apre-trainedmodelforprogrammingand natural languages. arXiv preprint arXiv:2002.08155

  23. [23]

    Securefalcon: Are we there yet in automated software vulnerability detection with llms? IEEE Transactions on Software Engineering

    Ferrag, M.A., Battah, A., Tihanyi, N., Jain, R., Maimuţ, D., Al- wahedi, F., Lestable, T., Thandi, N.S., Mechri, A., Debbah, M., et al., 2025a. Securefalcon: Are we there yet in automated software vulnerability detection with llms? IEEE Transactions on Software Engineering

  24. [24]

    Securefalcon:Arewethereyetinautomated software vulnerability detection with llms? IEEE Transactions on Software Engineering 51, 1248–1265

    Ferrag, M.A., Battah, A., Tihanyi, N., Jain, R., Maimuţ, D., Al- wahedi, F., Lestable, T., Thandi, N.S., Mechri, A., Debbah, M., Cordeiro,L.C.,2025b. Securefalcon:Arewethereyetinautomated software vulnerability detection with llms? IEEE Transactions on Software Engineering 51, 1248–1265. doi:10.1109/TSE.2025. 3548168

  25. [25]

    Ferretti,S.,D’Angelo,G.,Ghini,V.,Tomasone,M.B.,2025. Detect- ing smart contract vulnerabilities using transformers and llms, in: 2025 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), IEEE. pp. 7–12

  26. [26]

    Linevul: A transformer-based line-levelvulnerabilityprediction,in:Proceedingsofthe19thInter- nationalConferenceonMiningSoftwareRepositories,pp.608–620

    Fu, M., Tantithamthavorn, C., 2022. Linevul: A transformer-based line-levelvulnerabilityprediction,in:Proceedingsofthe19thInter- nationalConferenceonMiningSoftwareRepositories,pp.608–620

  27. [27]

    sguard+: Machine learning guided rule-based automated vulnerability repair onsmartcontracts

    Gao, C., Yang, W., Ye, J., Xue, Y., Sun, J., 2024. sguard+: Machine learning guided rule-based automated vulnerability repair onsmartcontracts. ACMTransactionsonSoftwareEngineeringand Methodology 33, 1–55

  28. [28]

    Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey

    Ghaffarian, S.M., Shahriari, H.R., 2017. Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey. ACM computing surveys (CSUR) 50, 1–36

  29. [29]

    Gong, P., Yang, W., Wang, L., Wei, F., HaiLaTi, K., Liao, Y.,

  30. [30]

    Computers, Materials & Continua 76

    Gratdet:Smartcontractvulnerabilitydetectorbasedongraph representation and transformer. Computers, Materials & Continua 76

  31. [31]

    Detectbert:Codevulnerabilitydetection,in:2024 Global Conference on Communications and Information Technolo- gies (GCCIT), IEEE

    Gujar,S.S.,2024. Detectbert:Codevulnerabilitydetection,in:2024 Global Conference on Communications and Information Technolo- gies (GCCIT), IEEE. pp. 1–21

  32. [32]

    Transformer-based semanticembeddingsandhybridneuralnetworksforrobustsoftware vulnerabilitydetection,in:2025InnovationsinPowerandAdvanced Computing Technologies (i-PACT), IEEE

    Gunda, B.S., Krishna, G.B., Rawat, S.S., 2025. Transformer-based semanticembeddingsandhybridneuralnetworksforrobustsoftware vulnerabilitydetection,in:2025InnovationsinPowerandAdvanced Computing Technologies (i-PACT), IEEE. pp. 1–9

  33. [33]

    Gupta, A.R., Tomar, D.S., Shekhar, R., 2024. Dl-vulbert: A deep learning classifier for the identification of software vulnerabilities, in: 2024 15th International Conference on Computing Communica- tion and Networking Technologies (ICCCNT), IEEE. pp. 1–7

  34. [34]

    Vulberta: Simplified source code pre-training for vulnerability detection, in: 2022 International joint conference on neural networks (IJCNN), IEEE

    Hanif, H., Maffeis, S., 2022. Vulberta: Simplified source code pre-training for vulnerability detection, in: 2022 International joint conference on neural networks (IJCNN), IEEE. pp. 1–8

  35. [35]

    A systematic literature review on automated software vulnerability detection using machine learning

    Harzevili, N.s., Belle, A.b., Wang, J., Wang, S., Jiang, Z.m.j., Na- gappan, N., 2025. A systematic literature review on automated software vulnerability detection using machine learning. ACM COMPUTING SURVEYS 57

  36. [36]

    Vultr: Software vulnerability detection model based on multi-layer key feature en- hancement

    He, H., Wang, S., Wang, Y., Liu, K., Yu, L., 2025. Vultr: Software vulnerability detection model based on multi-layer key feature en- hancement. Computers & Security 148, 104139

  37. [37]

    Linevd: Statement- level vulnerability detection using graph neural networks, in: Pro- ceedings of the 19th international conference on mining software repositories, pp

    Hin, D., Kan, A., Chen, H., Babar, M.A., 2022. Linevd: Statement- level vulnerability detection using graph neural networks, in: Pro- ceedings of the 19th international conference on mining software repositories, pp. 596–607

  38. [38]

    Avulnerability detection algorithm based on transformer model, in: International ConferenceonArtificialIntelligenceandSecurity,Springer.pp.43– 55

    Hou,F.,Zhou,K.,Li,L.,Tian,Y.,Li,J.,Li,J.,2022. Avulnerability detection algorithm based on transformer model, in: International ConferenceonArtificialIntelligenceandSecurity,Springer.pp.43– 55

  39. [39]

    Anunbiasedtransformersourcecodelearningwithseman- tic vulnerability graph, in: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), IEEE

    Islam, N.T., Parra, G.D.L.T., Manuel, D., Bou-Harb, E., Najafirad, P.,2023. Anunbiasedtransformersourcecodelearningwithseman- tic vulnerability graph, in: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), IEEE. pp. 144–159

  40. [40]

    Design and evalua- tion of highly accurate smart contract code vulnerability detection framework

    Jeon, S., Lee, G., Kim, H., Woo, S.S., 2024. Design and evalua- tion of highly accurate smart contract code vulnerability detection framework. Data Mining and Knowledge Discovery 38, 888–912

  41. [41]

    Haformer:Semanticfusionofhexmachinecodeandassemblycode for cross-architecture binary vulnerability detection

    Jiang, X., Wang, S., Gong, Y., Yu, T., Liu, L., Yu, X., 2024. Haformer:Semanticfusionofhexmachinecodeandassemblycode for cross-architecture binary vulnerability detection. Computers & Security 145, 104029

  42. [42]

    JianJie,Y.,Le,W.,2023.Codedefectdetectionmethodbasedonbert and ensemble, in: 2023 9th International Conference on Computer and Communications (ICCC), IEEE. pp. 2130–2138

  43. [43]

    Kaanan,E.,Karim,T.,Shaon,M.S.H.,Sultan,M.F.,Cuzzocrea,A., Akter,M.S.,2024.Llm-basedapproachforbufferoverflowdetection insourcecode,in:202427thInternationalConferenceonComputer and Information Technology (ICCIT), IEEE. pp. 1898–1902

  44. [44]

    Transfer learning for software vulnera- bility prediction using transformer models

    Kalouptsoglou, I., Siavvas, M., Ampatzoglou, A., Kehagias, D., Chatzigeorgiou, A., 2025. Transfer learning for software vulnera- bility prediction using transformer models. Journal of Systems and Software 227, 112448

  45. [45]

    Katz, K., Moshtari, S., Mujhid, I., Mirakhorli, M., Garcia, D.,

  46. [46]

    Siexvults: Sensitive information exposure vulnerability de- tection system using transformer models and static analysis, in: 2025 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), IEEE. pp. 230–241

  47. [47]

    Leveraging transformers to discover software vulnerabilities based on source code slices, in: Proceedings of the 2026 Australasian Information Security Confer- ence, pp

    Khan, A.R., Xu, Y., Li, Y., 2026. Leveraging transformers to discover software vulnerabilities based on source code slices, in: Proceedings of the 2026 Australasian Information Security Confer- ence, pp. 1–9

  48. [48]

    Robustvulnerabilitydetection in solidity-based ethereum smart contracts using fine-tuned trans- former encoder models

    Kim,J.,Lee,S.,Kim,H.,etal.,2024. Robustvulnerabilitydetection in solidity-based ethereum smart contracts using fine-tuned trans- former encoder models. IEEE Access

  49. [49]

    Kim,S.,Choi,J.,Ahmed,M.E.,Nepal,S.,Kim,H.,2022.Vuldebert: A vulnerability detection system using bert, in: 2022 IEEE Interna- tional Symposium on Software Reliability Engineering Workshops Naseer et al.:Preprint submitted to ElsevierPage 25 of 27 SLR for transformer-based Software Vulnerability detection (ISSREW), IEEE. pp. 69–74

  50. [50]

    Guidelinesforperforming systematic literature reviews in software engineering

    Kitchenham,B.,Charters,S.,etal.,2007. Guidelinesforperforming systematic literature reviews in software engineering. Technical Report. Technical report, ver. 2.3 ebse technical report. ebse

  51. [51]

    Asurveyondata-drivensoft- ware vulnerability assessment and prioritization

    Le,T.H.,Chen,H.,Babar,M.A.,2022. Asurveyondata-drivensoft- ware vulnerability assessment and prioritization. ACM Computing Surveys 55, 1–39

  52. [52]

    Le, T.H.M., Babar, M.A., Thai, T.H., 2024. Software vulner- ability prediction in low-resource languages: An empirical study of codebert and chatgpt, in: Proceedings of the 28th International ConferenceonEvaluationandAssessmentinSoftwareEngineering, pp. 679–685

  53. [53]

    Li, J., 2025. Macd: Source code vulnerability detection method integrating mamba and attention, in: 2025 7th International Con- ferenceonElectronicsandCommunication,NetworkandComputer Technology (ECNCT), IEEE. pp. 376–380

  54. [54]

    Li, S., Chen, D., Zhang, J., Wang, H., Li, L., Qian, Y., Liu, H.,

  55. [55]

    Software vulnerability detection based on anomaly-attention, in: 2022 4th International Conference on Robotics and Computer Vision (ICRCV), IEEE. pp. 261–265

  56. [56]

    Liang, C., Wei, Q., Jiang, Z., Wang, Y., Du, J., 2024. A source code vulnerability detection method based on adaptive graph neural networks, in: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops, pp. 187–196

  57. [57]

    Software vulnerability detection using deep neural networks: a survey

    Lin, G., Wen, S., Han, Q.L., Zhang, J., Xiang, Y., 2020. Software vulnerability detection using deep neural networks: a survey. Pro- ceedings of the IEEE 108, 1825–1848

  58. [58]

    Makingvulnerabilitypre- diction more practical: Prediction, categorization, and localization

    Liu,C.,Chen,X.,Li,X.,Xue,Y.,2024a. Makingvulnerabilitypre- diction more practical: Prediction, categorization, and localization. Information and Software Technology 171, 107458

  59. [59]

    Automatic software vulnerability detection in binary code, in: International Conference on Machine Learning for Cyber Security, Springer

    Liu, S., Li, L., Ban, X., Chen, C., Zhang, J., Camtepe, S., Xiang, Y., 2024b. Automatic software vulnerability detection in binary code, in: International Conference on Machine Learning for Cyber Security, Springer. pp. 148–166

  60. [60]

    Software vulnerability detectionwithgptandin-contextlearning,in:20238thInternational Conference on Data Science in Cyberspace (DSC), IEEE

    Liu, Z., Liao, Q., Gu, W., Gao, C., 2023. Software vulnerability detectionwithgptandin-contextlearning,in:20238thInternational Conference on Data Science in Cyberspace (DSC), IEEE. pp. 229– 236

  61. [61]

    Pre-training bypredictingprogramdependenciesforvulnerabilityanalysistasks, in:ProceedingsoftheIEEE/ACM46thInternationalConferenceon Software Engineering, pp

    Liu, Z., Tang, Z., Zhang, J., Xia, X., Yang, X., 2024c. Pre-training bypredictingprogramdependenciesforvulnerabilityanalysistasks, in:ProceedingsoftheIEEE/ACM46thInternationalConferenceon Software Engineering, pp. 1–13

  62. [62]

    Assessing the effectiveness of vulnerability detection via prompt tuning: An empirical study, in: 2023 30th Asia-Pacific Software Engineering Conference (APSEC), IEEE

    Lu, G., Ju, X., Chen, X., Yang, S., Chen, L., Shen, H., 2023. Assessing the effectiveness of vulnerability detection via prompt tuning: An empirical study, in: 2023 30th Asia-Pacific Software Engineering Conference (APSEC), IEEE. pp. 415–424

  63. [63]

    Harnessing the power of llms in source code vulnerability detection, in: MILCOM 2024-2024 IEEE Military Communications Conference (MILCOM), IEEE

    Mahyari, A.A., 2024. Harnessing the power of llms in source code vulnerability detection, in: MILCOM 2024-2024 IEEE Military Communications Conference (MILCOM), IEEE. pp. 251–256

  64. [64]

    A transformer-based ide plugin for vulnerability detection, in: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp

    Mamede, C., Pinconschi, E., Abreu, R., 2022. A transformer-based ide plugin for vulnerability detection, in: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1–4

  65. [65]

    Healthcare fraud detection using adaptive learning and deep learning techniques

    Matloob, I., Khan, S., Rukaiya, R., Alfraihi, H., Ali Khan, J., 2025. Healthcare fraud detection using adaptive learning and deep learning techniques. Evolving Systems 16, 72

  66. [66]

    Secureqwen: Leveraging llms for vulnerability detection in python codebases

    Mechri, A., Ferrag, M.A., Debbah, M., 2025. Secureqwen: Leveraging llms for vulnerability detection in python codebases. Computers & Security 148, 104151

  67. [67]

    Ladle: a method for unsupervised anomaly detection across log types

    Mylläri, J., Aalto, T., Nurminen, J.K., 2025. Ladle: a method for unsupervised anomaly detection across log types. Automated Software Engineering 32, 34

  68. [68]

    Mando-hgt: Heterogeneous graph transformers for smart contract vulnerability detection, in: 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR), IEEE

    Nguyen, H.H., Nguyen, N.M., Xie, C., Ahmadi, Z., Kudendo, D., Doan, T.N., Jiang, L., 2023. Mando-hgt: Heterogeneous graph transformers for smart contract vulnerability detection, in: 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR), IEEE. pp. 334–346

  69. [69]

    Abundant modalities offer more nutrients: Multi-modal-based function-level vulnerability detection

    Ni, C., Yin, X., Li, X., Xu, X., Yu, Z., 2025. Abundant modalities offer more nutrients: Multi-modal-based function-level vulnerability detection. ACM Transactions on Software Engineering and Methodology

  70. [70]

    Open science in software engineering: A study on deep learning-based vulnerability detection

    Nong, Y., Sharma, R., Hamou-Lhadj, A., Luo, X., Cai, H., 2022. Open science in software engineering: A study on deep learning-based vulnerability detection. IEEE Transactions on Software Engineering 49, 1983–2005

  71. [71]

    Oladokun, O., Rice, J., 2025. How effective are pretrained programming language-based language models (pllms) in the detection of android vulnerabilities?, in: 2025 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), IEEE. pp. 150–154

  72. [72]

    Real-world examples of application security breaches

    Pavicic, B., . Real-world examples of application security breaches. https://true-positives.com/appsec-blog/cybersecurity-breaches-real-world-examples-lessons-learned. Accessed: 2025-11-25

  73. [73]

    Peng, T., Chen, S., Zhu, F., Tang, J., Liu, J., Hu, X., 2023. Ptlvd: Program slicing and transformer-based line-level vulnerability detection system, in: 2023 IEEE 23rd International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE. pp. 162–173

  74. [74]

    Codebert-based embeddings for detecting vulnerable smart contracts, in: 2025 IEEE 50th Conference on Local Computer Networks (LCN), IEEE

    Perera, A., Pillai, B., Tharani, J.S., Rao, A.S., Muthukkumarasamy, V., 2025. Codebert-based embeddings for detecting vulnerable smart contracts, in: 2025 IEEE 50th Conference on Local Computer Networks (LCN), IEEE. pp. 1–9

  75. [75]

    Perl, H., Dechand, S., Smith, M., Arp, D., Yamaguchi, F., Rieck, K., Fahl, S., Acar, Y., 2015. Vccfinder: Finding potential vulnerabilities in open-source projects to assist code audits, in: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pp. 426–437

  76. [76]

    Software vulnerability detection using large language models, in: 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), IEEE

    Purba, M.D., Ghosh, A., Radford, B.J., Chu, B., 2023. Software vulnerability detection using large language models, in: 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), IEEE. pp. 112–119

  77. [77]

    Reza, S.I., Moon, I.T., Fahim, M.F.S., Alam, A., Sheikh, M.T.,

  78. [78]

    An empirical analysis of transformer-based models with lime explainability for javascript vulnerability detection, in: 2026 5th International Conference on Electrical, Computer & Telecommunication Engineering (ICECTE), IEEE. pp. 1–6

  79. [79]

    Rusinova, Z., Chernyshov, Y., Dolganov, A., 2024. Explaining of transformer-based models for vulnerable function detection, in: 2024 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), IEEE. pp. 304–307

  80. [80]

    Vulnerai: Gpt based web application vulnerability detection, in: 2024 International Conference on Artificial Intelligence, Metaverse and Cybersecurity (ICAMAC), IEEE

    Saimbhi, S.S., Akpinar, K.O., 2024. Vulnerai: Gpt based web application vulnerability detection, in: 2024 International Conference on Artificial Intelligence, Metaverse and Cybersecurity (ICAMAC), IEEE. pp. 1–6

Showing first 80 references.