{"paper":{"title":"MemRepair: Hierarchical Memory for Agentic Repository-Level Vulnerability Repair","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories.","cross_cats":["cs.AI","cs.CL"],"primary_cat":"cs.SE","authors_text":"Fang Liu, Li Zhang, Simiao Liu, Xiaoli Lian, Yang Liu, Yinghao Zhu","submitted_at":"2026-05-17T13:29:46Z","abstract_excerpt":"Modern software ecosystems face a rapidly growing number of disclosed vulnerabilities, increasing the need for automated repair techniques that can operate reliably at repository scale. Although Large Language Model (LLM)-based agents have recently shown promise for automated vulnerability repair (AVR), most existing systems still treat repair as a single generation step over the currently visible code context. As a result, they lack a persistent mechanism for reusing prior fixes or learning from failed validation attempts, which limits their effectiveness on complex, multi-file repair tasks. "},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"MemRepair achieves state-of-the-art resolution rates of 58.0%, 58.2%, and 30.58% on SEC-Bench, PatchEval (Python, Go, JavaScript), and the C++ subset of Multi-SWE-bench, outperforming OpenHands, SWE-agent, and InfCode-C++ while maintaining competitive repair cost.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The three memory layers can be retrieved and applied at runtime in a manner that produces net positive gains on complex multi-file repairs without introducing retrieval errors or excessive latency that would negate the benefit.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"MemRepair is a hierarchical memory-augmented agent framework that raises repository-level vulnerability repair rates to 58.0-58.2% on Python/Go/JS benchmarks and 30.58% on C++ by combining history, pattern, and refinement memories with iterative feedback.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"6f3530240e5a75d1faf61851f08920cf1b6a5841db6ec539af3a42098c6656f4"},"source":{"id":"2605.17444","kind":"arxiv","version":1},"verdict":{"id":"0fab6137-e439-40f5-a434-3ca7057dcb6f","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T23:02:19.533275Z","strongest_claim":"MemRepair achieves state-of-the-art resolution rates of 58.0%, 58.2%, and 30.58% on SEC-Bench, PatchEval (Python, Go, JavaScript), and the C++ subset of Multi-SWE-bench, outperforming OpenHands, SWE-agent, and InfCode-C++ while maintaining competitive repair cost.","one_line_summary":"MemRepair is a hierarchical memory-augmented agent framework that raises repository-level vulnerability repair rates to 58.0-58.2% on Python/Go/JS benchmarks and 30.58% on C++ by combining history, pattern, and refinement memories with iterative feedback.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The three memory layers can be retrieved and applied at runtime in a manner that produces net positive gains on complex multi-file repairs without introducing retrieval errors or excessive latency that would negate the benefit.","pith_extraction_headline":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.17444/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"doi_title_agreement","ran_at":"2026-05-19T23:31:19.953820Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T23:12:25.591109Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T21:41:57.719657Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T21:33:23.670465Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"fcd5e1ce8fbd65ae08b78f7b06783f076cabdb02ab635b25f93390e1e0102741"},"references":{"count":60,"sample":[{"doi":"","year":2026,"title":"Common Weakness Enumeration","work_id":"0a2de53a-f5e1-46ce-97e6-d3b761051f6f","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2026,"title":"National Vulnerability Database (NVD)","work_id":"150306d9-2fd8-4b89-af98-19304828da3c","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2024,"title":"Aider. 2024. Introducing Aider. https://aider.chat/ Accessed: 2026-01-15","work_id":"072c399f-2f5a-4b18-8bad-83460c95338d","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.3390/make7040149","year":2025,"title":"Alfred Asare Amoah and Yan Liu. 2025. Explainable Recommendation of Soft- ware Vulnerability Repair Based on Metadata Retrieval and Multifaceted LLMs. Machine Learning and Knowledge Extraction7, 4 (20","work_id":"6306e8e0-11a6-48ad-86f8-9e997c237ddd","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2021,"title":"Guru Bhandari, Amara Naseer, and Leon Moonen. 2021. CVEfixes: automated collection of vulnerabilities and their fixes from open-source software. InProceed- ings of the 17th International Conference on","work_id":"086c9a03-3f63-40f3-8671-d581a89b9087","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":60,"snapshot_sha256":"e37a6a5945851af7040c9bc02a68ea0df2010ad523ea64f7884476df647ddda8","internal_anchors":7},"formal_canon":{"evidence_count":2,"snapshot_sha256":"a01e10d50d4b9d159e219d3a1ead4f50b0e98fc7d548892ab8c6bf52e84b459e"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}