6 Pith papers cite this work.
Citing papers explorer

- Taint-Style Vulnerability Detection and Confirmation for Node.js Packages Using LLM Agent Reasoning: LLMVD.js uses LLM agents to confirm 84% of taint-style vulnerabilities on public benchmarks (vs. <22% for prior tools) and generates validated exploits for 36 of 260 new packages (vs. ≤2 for traditional tools).
- Characterizing and Modeling the GitHub Security Advisories Review Pipeline: GitHub Security Advisories follow two review-latency regimes—a fast path for repository advisories and a slow path for NVD-first advisories—explained by a queueing model of the processing pipeline.
- Triggering and Detecting Exploitable Library Vulnerability from the Client by Directed Greybox Fuzzing: LiveFuzz extends directed greybox fuzzing with abstract path mapping and risk-based mutation to expose library vulnerabilities from client programs on a 61-case dataset, reaching more target paths and triggering three vulnerabilities no baseline found.
- Forecasting the Maintained Score from the OpenSSF Scorecard: A Study of GitHub Repositories Linked to PyPI Packages: Machine learning models forecast future OpenSSF Maintained scores on PyPI-linked GitHub repos with accuracies above 0.95 for bucketed maintenance levels and 0.79 for trend categories.
- Investigating Notable Metadata Practices in PyPI Libraries: An Empirical Study about Repository and Donation Platform URLs: PyPI metadata gaps arise mainly from oversight, skepticism, and platform preferences, as shown by surveys of 1,776 responses analyzed with a robust LLaMA-based topic model.
- Analyzing the Availability of E-Mail Addresses for PyPI Libraries: 79.1% of PyPI libraries provide at least one valid email address, primarily from PyPI metadata, with high coverage extending to dependency chains.