AI RESEARCH

Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study

arXiv CS.LG

arXiv:2605.13138v1. Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code-language-model-based VFC detection through a unified framework consolidating over 20 fragmented datasets spanning more than 180000 commits.