A C/C++ Code Vulnerability Dataset with Code Changes and CVE Summaries

Authors

Jiahao Fan, New Jersey Institute of Technology
Yi Li, New Jersey Institute of Technology
Shaohua Wang, New Jersey Institute of Technology
Tien N. Nguyen, The University of Texas at Dallas

Document Type

Conference Proceeding

Publication Date

6-29-2020

Abstract

We collected a large C/C++ code vulnerability dataset from open-source Github projects, namely Big-Vul. We crawled the public Common Vulnerabilities and Exposures (CVE) database and CVE-related source code repositories. Specifically, we collected the descriptive information of the vulnerabilities from the CVE database, e.g., CVE IDs, CVE severity scores, and CVE summaries. With the CVE information and its related published Github code repository links, we downloaded all of the code repositories and extracted vulnerability related code changes. In total, Big-Vul contains 3,754 code vulnerabilities spanning 91 different vulnerability types. All these code vulnerabilities are extracted from 348 Github projects. All information is stored in the CSV format. We linked the code changes with the CVE descriptive information. Thus, our Big-Vul can be used for various research topics, e.g., detecting and fixing vulnerabilities, analyzing the vulnerability related code changes. Big-Vul is publicly available on Github.

Identifier

85093651575 (Scopus)

ISBN

[9781450379571]

Publication Title

Proceedings 2020 IEEE ACM 17th International Conference on Mining Software Repositories MSR 2020

External Full Text Location

https://doi.org/10.1145/3379597.3387501

First Page

508

Last Page

512

Grant

CCF-1518897

Fund Ref

National Science Foundation

Recommended Citation

Fan, Jiahao; Li, Yi; Wang, Shaohua; and Nguyen, Tien N., "A C/C++ Code Vulnerability Dataset with Code Changes and CVE Summaries" (2020). Faculty Publications. 5200.
https://digitalcommons.njit.edu/fac_pubs/5200