{"id":"https://openalex.org/W4416251628","doi":"https://doi.org/10.1109/access.2025.3631363","title":"A Systematic Review on Detection, Repair, and Explanation of Vulnerabilities in Source Code Using Large Language Models","display_name":"A Systematic Review on Detection, Repair, and Explanation of Vulnerabilities in Source Code Using Large Language Models","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4416251628","doi":"https://doi.org/10.1109/access.2025.3631363"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3631363","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3631363","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3631363","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5116465230","display_name":"Lucas Bastos Germano","orcid":"https://orcid.org/0009-0007-1607-4863"},"institutions":[{"id":"https://openalex.org/I41870","display_name":"Military Institute of Engineering","ror":"https://ror.org/03veakt65","country_code":"BR","type":"education","lineage":["https://openalex.org/I41870"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Lucas Bastos Germano","raw_affiliation_strings":["Military Institute of Engineering, Rio de Janeiro, Brazil"],"affiliations":[{"raw_affiliation_string":"Military Institute of Engineering, Rio de Janeiro, Brazil","institution_ids":["https://openalex.org/I41870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024998995","display_name":"Ronaldo Ribeiro Goldschmidt","orcid":"https://orcid.org/0000-0003-1688-0586"},"institutions":[{"id":"https://openalex.org/I41870","display_name":"Military Institute of Engineering","ror":"https://ror.org/03veakt65","country_code":"BR","type":"education","lineage":["https://openalex.org/I41870"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Ronaldo Ribeiro Goldschmidt","raw_affiliation_strings":["Military Institute of Engineering, Rio de Janeiro, Brazil"],"affiliations":[{"raw_affiliation_string":"Military Institute of Engineering, Rio de Janeiro, Brazil","institution_ids":["https://openalex.org/I41870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069190717","display_name":"Ricardo Choren Noya","orcid":"https://orcid.org/0000-0003-4081-2647"},"institutions":[{"id":"https://openalex.org/I41870","display_name":"Military Institute of Engineering","ror":"https://ror.org/03veakt65","country_code":"BR","type":"education","lineage":["https://openalex.org/I41870"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Ricardo Choren Noya","raw_affiliation_strings":["Military Institute of Engineering, Rio de Janeiro, Brazil"],"affiliations":[{"raw_affiliation_string":"Military Institute of Engineering, Rio de Janeiro, Brazil","institution_ids":["https://openalex.org/I41870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101796508","display_name":"J\u00falio C\u00e9sar Duarte","orcid":"https://orcid.org/0000-0001-6656-1247"},"institutions":[{"id":"https://openalex.org/I41870","display_name":"Military Institute of Engineering","ror":"https://ror.org/03veakt65","country_code":"BR","type":"education","lineage":["https://openalex.org/I41870"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Julio Cesar Duarte","raw_affiliation_strings":["Military Institute of Engineering, Rio de Janeiro, Brazil"],"affiliations":[{"raw_affiliation_string":"Military Institute of Engineering, Rio de Janeiro, Brazil","institution_ids":["https://openalex.org/I41870"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5116465230"],"corresponding_institution_ids":["https://openalex.org/I41870"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.49489796,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"192263","last_page":"192293"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.3278000056743622,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.3278000056743622,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.21150000393390656,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.11180000007152557,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6851999759674072},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5397999882698059},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.47600001096725464},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4309000074863434},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.41999998688697815},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.4124999940395355},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4115000069141388},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.41100001335144043},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.38690000772476196}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7835999727249146},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6851999759674072},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5397999882698059},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.47600001096725464},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4569999873638153},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4309000074863434},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.41999998688697815},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.4124999940395355},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4115000069141388},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.41100001335144043},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4108999967575073},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38690000772476196},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3709000051021576},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.35269999504089355},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.3490000069141388},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3425999879837036},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.32249999046325684},{"id":"https://openalex.org/C189708586","wikidata":"https://www.wikidata.org/wiki/Q1504425","display_name":"Systematic review","level":3,"score":0.31850001215934753},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.31349998712539673},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.30239999294281006},{"id":"https://openalex.org/C191015642","wikidata":"https://www.wikidata.org/wiki/Q1132459","display_name":"Fragmentation (computing)","level":2,"score":0.2897999882698059},{"id":"https://openalex.org/C63406617","wikidata":"https://www.wikidata.org/wiki/Q5266714","display_name":"Development testing","level":5,"score":0.2858999967575073},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.2856999933719635},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.27790001034736633},{"id":"https://openalex.org/C2776969324","wikidata":"https://www.wikidata.org/wiki/Q613918","display_name":"Software quality assurance","level":5,"score":0.27079999446868896},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.257999986410141},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.2549999952316284}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3631363","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3631363","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:eff4d61e55144036ba2824c759654319","is_oa":true,"landing_page_url":"https://doaj.org/article/eff4d61e55144036ba2824c759654319","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 192263-192293 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3631363","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3631363","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Software":[0],"vulnerabilities":[1],"pose":[2],"critical":[3],"risks":[4],"to":[5,58,190],"the":[6,91,120,158],"security":[7,197],"and":[8,17,50,78,103,116,146,167,169,186,193],"reliability":[9],"of":[10,73,160],"modern":[11],"systems,":[12],"requiring":[13],"effective":[14],"detection,":[15],"repair,":[16],"explanation":[18,79],"techniques.":[19],"Large":[20],"Language":[21],"Models":[22],"(LLMs)":[23],"have":[24],"recently":[25],"emerged":[26],"as":[27,100,119],"promising":[28],"tools":[29],"for":[30,173],"these":[31,153],"tasks,":[32,163],"yet":[33],"research":[34,178],"in":[35,195],"this":[36,155],"area":[37],"remains":[38],"uneven.":[39],"This":[40],"systematic":[41],"review":[42,156],"analyzes":[43],"208":[44],"peer-reviewed":[45],"studies":[46,126],"published":[47],"between":[48],"2018":[49],"August":[51],"2025,":[52],"examining":[53],"how":[54],"LLMs":[55,161],"are":[56],"applied":[57],"source":[59],"code":[60],"vulnerability":[61,70],"analysis.":[62],"The":[63],"findings":[64],"reveal":[65],"a":[66],"strong":[67],"emphasis":[68],"on":[69,128,152,179],"detection":[71],"(91.3%":[72],"studies),":[74],"while":[75],"repair":[76,139],"(11.1%)":[77],"(5.3%)":[80],"remain":[81],"underexplored.":[82],"Programming":[83],"language":[84],"coverage":[85],"shows":[86],"similar":[87],"imbalances:":[88],"C/C++":[89],"is":[90],"most":[92,121],"frequently":[93],"studied,":[94],"whereas":[95],"widely":[96],"adopted":[97],"languages":[98],"such":[99],"Java,":[101],"Python,":[102],"JavaScript":[104],"receive":[105],"limited":[106],"attention.":[107],"Dataset":[108],"fragmentation":[109],"further":[110],"complicates":[111],"cross-study":[112],"comparisons,":[113],"with":[114,138],"CodeXGlue/Devign":[115],"Big-Vul":[117],"serving":[118],"common":[122],"baselines,":[123],"but":[124],"many":[125],"rely":[127],"custom":[129],"or":[130],"synthetic":[131],"datasets.":[132],"Evaluation":[133],"practices":[134],"also":[135],"exhibit":[136],"limitations,":[137],"often":[140],"assessed":[141],"through":[142],"strict":[143],"exact-match":[144],"metrics":[145],"explanations":[147],"lacking":[148],"standardized":[149,188],"frameworks.":[150],"Building":[151],"insights,":[154],"maps":[157],"use":[159],"across":[162],"languages,":[164,181],"models,":[165],"datasets,":[166],"metrics,":[168],"outlines":[170],"key":[171],"directions":[172],"future":[174],"work,":[175],"including":[176],"expanding":[177],"underrepresented":[180],"developing":[182],"robust":[183],"evaluation":[184],"methods,":[185],"adopting":[187],"benchmarks":[189],"improve":[191],"reproducibility":[192],"applicability":[194],"software":[196],"research.":[198]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-10T00:00:00"}