SEAI | Jul 30, 2025

A Systematic Literature Review on Detecting Software Vulnerabilities with Large Language Models

arXiv:2507.22659v1 | 7 citations | h-index: 4
Originality: Synthesis-oriented
AI Analysis

This review helps researchers and practitioners in software engineering by organizing and clarifying the state-of-the-art in LLM-based vulnerability detection, though it is incremental as it synthesizes existing work rather than introducing new methods.

The authors conducted a systematic literature review of 227 studies from 2020 to 2025 to address the fragmented research landscape in using Large Language Models for software vulnerability detection, providing a structured taxonomy and actionable future directions to improve transparency and reproducibility.

The increasing adoption of Large Language Models (LLMs) in software engineering has sparked interest in their use for software vulnerability detection. However, the rapid development of this field has resulted in a fragmented research landscape, with diverse studies that are difficult to compare due to differences in, e.g., system designs and dataset usage. This fragmentation makes it difficult to obtain a clear overview of the state-of-the-art or compare and categorize studies meaningfully. In this work, we present a comprehensive systematic literature review (SLR) of LLM-based software vulnerability detection. We analyze 227 studies published between January 2020 and June 2025, categorizing them by task formulation, input representation, system architecture, and adaptation techniques. Further, we analyze the datasets used, including their characteristics, vulnerability coverage, and diversity. We present a fine-grained taxonomy of vulnerability detection approaches, identify key limitations, and outline actionable future research opportunities. By providing a structured overview of the field, this review improves transparency and serves as a practical guide for researchers and practitioners aiming to conduct more comparable and reproducible research. We publicly release all artifacts and maintain a living repository of LLM-based software vulnerability detection studies.

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
