Vul-RAG: Enhancing LLM-based Vulnerability Detection via Knowledge-level RAG

Du, Xueying; Zheng, Geng; Wang, Kaixin; Zou, Yi; Wang, Yujia; Deng, Wentai; Feng, Jiayi; Liu, Mingwei; Chen, Bihuan; Peng, Xin; Ma, Tao; Lou, Yiling

doi:10.1145/3797277

articleACM Transactions on Software Engineering and MethodologyFeb 20, 2026Closed access

Vul-RAG: Enhancing LLM-based Vulnerability Detection via Knowledge-level RAG

XDXueying Du GZGeng Zheng KWKaixin WangYZYi ZouYWYujia Wang

Fudan University · Alibaba Group (China) · +1 more institution

Indexed incrossref

Abstract

Although LLMs have shown promising potential in vulnerability detection, this study reveals their limitations in distinguishing between vulnerable and similar-but-benign patched code (only 0.06 - 0.14 accuracy). It shows that LLMs struggle to capture the root causes of vulnerabilities during vulnerability detection. To address this challenge, we propose enhancing LLMs with multi-dimensional vulnerability knowledge distilled from historical vulnerabilities and fixes. We design a novel knowledge-level Retrieval-Augmented Generation framework Vul-RAG, which improves LLMs with an accuracy increase of 16% - 24% in identifying vulnerable and patched code. Additionally, vulnerability knowledge generated by Vul-RAG…

Citation impact

7

total citations

FWCI: 137.88
Percentile: 100%
References: 30

Citations per year

Authors

12

XD
Xueying DuCorresponding
Fudan University
GZ
Geng Zheng
Alibaba Group (China)
KW
Kaixin Wang
Fudan University
YZ
Yi Zou
Fudan University
YW
Yujia Wang
Fudan University

Topics & keywords

Topics

Keywords

Vulnerability (computing)
Code (set theory)
Risk assessment
Risk management
Vulnerability assessment

UN Sustainable Development Goals

Reduced inequalities

No related works found for this paper.