{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2023:TXUHG4MZNUPV77B3LV2NUELDNE","short_pith_number":"pith:TXUHG4MZ","canonical_record":{"source":{"id":"2308.04662","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-08-09T02:02:46Z","cross_cats_sorted":[],"title_canon_sha256":"53cb749fccc00da8b501cd52a664397684eb1eada0a5c7093efdb440b3e0ab1b","abstract_canon_sha256":"3e0fe56058e1d71a61235f047d4029bcf03905baed140356d08bf525fba617a1"},"schema_version":"1.0"},"canonical_sha256":"9de87371996d1f5ffc3b5d74da11636906e473e8475667144a8f3d3ba9278165","source":{"kind":"arxiv","id":"2308.04662","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2308.04662","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"arxiv_version","alias_value":"2308.04662v3","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2308.04662","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"pith_short_12","alias_value":"TXUHG4MZNUPV","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"pith_short_16","alias_value":"TXUHG4MZNUPV77B3","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"pith_short_8","alias_value":"TXUHG4MZ","created_at":"2026-07-05T08:20:23Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2023:TXUHG4MZNUPV77B3LV2NUELDNE","target":"record","payload":{"canonical_record":{"source":{"id":"2308.04662","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-08-09T02:02:46Z","cross_cats_sorted":[],"title_canon_sha256":"53cb749fccc00da8b501cd52a664397684eb1eada0a5c7093efdb440b3e0ab1b","abstract_canon_sha256":"3e0fe56058e1d71a61235f047d4029bcf03905baed140356d08bf525fba617a1"},"schema_version":"1.0"},"canonical_sha256":"9de87371996d1f5ffc3b5d74da11636906e473e8475667144a8f3d3ba9278165","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T08:20:23.893698Z","signature_b64":"sMVxKxn9AfcQwmYO7w0BHn6inp31W+i+OXRwxQ5VbAScegMkRZka48rjD3+9LTqrJBsAX0C547NNl/+aI8nDCw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"9de87371996d1f5ffc3b5d74da11636906e473e8475667144a8f3d3ba9278165","last_reissued_at":"2026-07-05T08:20:23.893214Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T08:20:23.893214Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2308.04662","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T08:20:23Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"AkqibA2KumY0FYJUjWia9uLzT7X2v6gPz0o6XZcuJjjHNDKb5rfImOGNKnrKEsl2AaCixWKlDr+KhMcFdcoYDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-08T19:11:26.538304Z"},"content_sha256":"3374b5bf2f47f58d597f99e7e9c0e2310c2aaf993bf485c957bdfb18bb805f76","schema_version":"1.0","event_id":"sha256:3374b5bf2f47f58d597f99e7e9c0e2310c2aaf993bf485c957bdfb18bb805f76"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2023:TXUHG4MZNUPV77B3LV2NUELDNE","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"VulLibGen: Generating Names of Vulnerability-Affected Packages via a Large Language Model","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Guangtai Liang, Lin Li, Liuchuan Zhu, Qianxiang Wang, Tao Xie, Tianyu Chen, Xueqing Liu, Zongyang Li","submitted_at":"2023-08-09T02:02:46Z","abstract_excerpt":"Security practitioners maintain vulnerability reports (e.g., GitHub Advisory) to help developers mitigate security risks. An important task for these databases is automatically extracting structured information mentioned in the report, e.g., the affected software packages, to accelerate the defense of the vulnerability ecosystem.\n  However, it is challenging for existing work on affected package identification to achieve a high accuracy. One reason is that all existing work focuses on relatively smaller models, thus they cannot harness the knowledge and semantic capabilities of large language "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2308.04662","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2308.04662/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T08:20:23Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"GJJsxjnMGb0CxkEGCybZUsW8DASvzby1JmQE0rM6efd2rE4ZLKfidTSG4Aoq2rj9RLoxlGwgYlnWllXWbDrpBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-08T19:11:26.538704Z"},"content_sha256":"4e4a951932052da4092d49ef4a9e96fbf72fe469a7e15fb1de9df5966a741657","schema_version":"1.0","event_id":"sha256:4e4a951932052da4092d49ef4a9e96fbf72fe469a7e15fb1de9df5966a741657"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/TXUHG4MZNUPV77B3LV2NUELDNE/bundle.json","state_url":"https://pith.science/pith/TXUHG4MZNUPV77B3LV2NUELDNE/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/TXUHG4MZNUPV77B3LV2NUELDNE/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-08T19:11:26Z","links":{"resolver":"https://pith.science/pith/TXUHG4MZNUPV77B3LV2NUELDNE","bundle":"https://pith.science/pith/TXUHG4MZNUPV77B3LV2NUELDNE/bundle.json","state":"https://pith.science/pith/TXUHG4MZNUPV77B3LV2NUELDNE/state.json","well_known_bundle":"https://pith.science/.well-known/pith/TXUHG4MZNUPV77B3LV2NUELDNE/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2023:TXUHG4MZNUPV77B3LV2NUELDNE","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"3e0fe56058e1d71a61235f047d4029bcf03905baed140356d08bf525fba617a1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-08-09T02:02:46Z","title_canon_sha256":"53cb749fccc00da8b501cd52a664397684eb1eada0a5c7093efdb440b3e0ab1b"},"schema_version":"1.0","source":{"id":"2308.04662","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2308.04662","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"arxiv_version","alias_value":"2308.04662v3","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2308.04662","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"pith_short_12","alias_value":"TXUHG4MZNUPV","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"pith_short_16","alias_value":"TXUHG4MZNUPV77B3","created_at":"2026-07-05T08:20:23Z"},{"alias_kind":"pith_short_8","alias_value":"TXUHG4MZ","created_at":"2026-07-05T08:20:23Z"}],"graph_snapshots":[{"event_id":"sha256:4e4a951932052da4092d49ef4a9e96fbf72fe469a7e15fb1de9df5966a741657","target":"graph","created_at":"2026-07-05T08:20:23Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2308.04662/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Security practitioners maintain vulnerability reports (e.g., GitHub Advisory) to help developers mitigate security risks. An important task for these databases is automatically extracting structured information mentioned in the report, e.g., the affected software packages, to accelerate the defense of the vulnerability ecosystem.\n  However, it is challenging for existing work on affected package identification to achieve a high accuracy. One reason is that all existing work focuses on relatively smaller models, thus they cannot harness the knowledge and semantic capabilities of large language ","authors_text":"Guangtai Liang, Lin Li, Liuchuan Zhu, Qianxiang Wang, Tao Xie, Tianyu Chen, Xueqing Liu, Zongyang Li","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-08-09T02:02:46Z","title":"VulLibGen: Generating Names of Vulnerability-Affected Packages via a Large Language Model"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2308.04662","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:3374b5bf2f47f58d597f99e7e9c0e2310c2aaf993bf485c957bdfb18bb805f76","target":"record","created_at":"2026-07-05T08:20:23Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"3e0fe56058e1d71a61235f047d4029bcf03905baed140356d08bf525fba617a1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-08-09T02:02:46Z","title_canon_sha256":"53cb749fccc00da8b501cd52a664397684eb1eada0a5c7093efdb440b3e0ab1b"},"schema_version":"1.0","source":{"id":"2308.04662","kind":"arxiv","version":3}},"canonical_sha256":"9de87371996d1f5ffc3b5d74da11636906e473e8475667144a8f3d3ba9278165","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"9de87371996d1f5ffc3b5d74da11636906e473e8475667144a8f3d3ba9278165","first_computed_at":"2026-07-05T08:20:23.893214Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T08:20:23.893214Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"sMVxKxn9AfcQwmYO7w0BHn6inp31W+i+OXRwxQ5VbAScegMkRZka48rjD3+9LTqrJBsAX0C547NNl/+aI8nDCw==","signature_status":"signed_v1","signed_at":"2026-07-05T08:20:23.893698Z","signed_message":"canonical_sha256_bytes"},"source_id":"2308.04662","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:3374b5bf2f47f58d597f99e7e9c0e2310c2aaf993bf485c957bdfb18bb805f76","sha256:4e4a951932052da4092d49ef4a9e96fbf72fe469a7e15fb1de9df5966a741657"],"state_sha256":"3dc24d876341319ed1421c3bea8a55a55766c741e3f0c4feba6c3cac2fe64cda"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Wz+O/Qf7jCZLQVh06zUhNs2BmlHxkUaNpS7quYbckDxI9arhLASVERAZhKbWddcWpMsajDMLnz3ww6LNQeZqAg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-08T19:11:26.540703Z","bundle_sha256":"5414d6505fff9588ca2805a9e330e642b3328d07fd894220b01033931b7eb310"}}