@inproceedings{3193943, title = "CrossVul: A Cross-Language Vulnerability Dataset with Commit Data", author = "Nikitopoulos, Georgios and Dritsa, Konstantina and Louridas, Panos and and Mitropoulos, Dimitris", year = "2021", pages = "1565-1569", publisher = "ASSOCIATION FOR COMPUTING MACHINERY", booktitle = "PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE `21)", doi = "10.1145/3468264.3473122", keywords = "Dataset; vulnerabilities; security patches; commit messages", abstract = "Examining the characteristics of software vulnerabilities and the code that contains them can lead to the development of more secure software. We present a dataset (similar to 1.4 GB) containing vulnerable source code files together with the corresponding, patched versions. Contrary to other existing vulnerability datasets, ours includes vulnerable files written in more than 40 programming languages. Each file is associated to (1) a Common Vulnerability Exposures identifier (CVE ID) and (2) the repository it came from. Further, our dataset can be the basis for machine learning applications that identify defects, as we show in specific examples. We also present a supporting dataset that contains commit messages derived from Git commits that serve as security patches. This dataset can be used to train ML models that in turn, can be used to detect security patch commits as we highlight in a specific use case." }