CVEfixes

CVEfixes 是一个全面的漏洞数据集，它从美国公共国家漏洞数据库 (NVD) 中的常见漏洞和暴露 (CVE) 记录中自动收集和整理。目标是通过提供不同相互关联的抽象级别（例如提交、文件和方法级别）的详细信息，支持基于源代码和与 NVD 中 CVE 修复相关的源代码指标的数据驱动的安全研究，以及存储库和 CVE 级别。在初始版本中，数据集涵盖了截至 2021 年 6 月 9 日的所有已发布 CVE。在此时间范围内，在 NVD 中的 CVE 记录中报告并具有公开可用的 git 存储库的所有开源项目都被提取并考虑用于构建此漏洞数据集。该数据集组织为一个关系数据库，涵盖了 1754 个开源项目中的 5495 个漏洞修复提交，共有 180 个不同的通用弱点枚举 (CWE) 类型的 5365 个 CVE。数据集包括修复前后的源代码18249个文件，50322个函数。

CVEfixes is a comprehensive vulnerability dataset automatically collected and curated from Common Vulnerabilities and Exposures (CVE) records in the U.S. National Vulnerability Database (NVD). It aims to support data-driven security research based on source code and source code metrics related to CVE fixes in the NVD, by providing detailed information at various interconnected abstraction levels, including commit, file, and method levels, as well as repository and CVE levels. In its initial release, the dataset covers all published CVEs as of June 9, 2021. Within this timeframe, all open-source projects reported in NVD CVE records with publicly available git repositories were extracted and incorporated into the construction of this vulnerability dataset. Organized as a relational database, the dataset encompasses 5,365 CVEs across 180 distinct Common Weakness Enumeration (CWE) types, 5,495 vulnerability-fixing commits from 1,754 open-source projects. It includes 18,249 source code files and 50,322 functions, both before and after the respective fixes.