Large Language Model for vulnerability detection and repair: Literature review and the road ahead

Author

Xin ZHOU
Sicong CAO
Xiaobing SUN
David LO, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

publishedVersion

Publication Date

6-2025

Abstract

The significant advancements in Large Language Models (LLMs) have resulted in their widespread adoption across various tasks within Software Engineering (SE), including vulnerability detection and repair. Numerous studies have investigated the application of LLMs to enhance vulnerability detection and repair tasks. Despite the increasing research interest, there is currently no existing survey that focuses on the utilization of LLMs for vulnerability detection and repair. In this paper, we aim to bridge this gap by offering a systematic literature review of approaches aimed at improving vulnerability detection and repair through the utilization of LLMs. The review encompasses research work from leading SE, AI, and Security conferences and journals, encompassing 43 papers published across 25 distinct venues, along with 15 high-quality preprint papers, bringing the total to 58 papers. By answering three key research questions, we aim to (1) summarize the LLMs employed in the relevant literature, (2) categorize various LLM adaptation techniques in vulnerability detection, and (3) classify various LLM adaptation techniques in vulnerability repair. Based on our findings, we have identified a series of limitations of existing studies. Additionally, we have outlined a roadmap highlighting potential opportunities that we believe are pertinent and crucial for future research endeavors.

Keywords

large language models, Literature review, vulnerability detection, vulnerability repair

Discipline

Artificial Intelligence and Robotics | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

ACM Transactions on Software Engineering and Methodology

Volume

34

Issue

5

First Page

1

Last Page

31

ISSN

1049-331X

Identifier

10.1145/3708522

Publisher

Association for Computing Machinery (ACM)

Citation

ZHOU, Xin; CAO, Sicong; SUN, Xiaobing; and LO, David. Large Language Model for vulnerability detection and repair: Literature review and the road ahead. (2025). ACM Transactions on Software Engineering and Methodology. 34, (5), 1-31.
Available at: https://ink.library.smu.edu.sg/sis_research/10424

Copyright Owner and License

Authors-CC-BY

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3708522