Aligning Core Aspects: Improving Vulnerability Proof-of-Concepts via Cross-Source Insights

📅 2025-08-25
🤖 AI Summary
Proof-of-Concept (PoC) vulnerability reports suffer from pervasive critical information omissions due to heterogeneous platform templates, severely limiting their practical utility. Method: This work presents the first systematic analysis of 173,170 cross-platform PoC reports, revealing that 100% exhibit at least one missing information element. To address this, we propose an automated completion framework leveraging multi-source heterogeneous data (PoC platforms + CVE entries). Our approach features an eight-category key-element extraction model integrating rule-based matching and fine-tuned BERT-NER, coupled with a cross-source semantic alignment and information fusion algorithm. Contribution/Results: Experimental evaluation demonstrates successful completion of 69,583 reports (40.18% coverage), significantly enhancing report completeness and the verifiability of exploitability—thereby improving downstream security analysis and automation.

📝 Abstract
For vulnerabilities, a Proof-of-Concept (PoC) plays an irreplaceable role in demonstrating exploitability. PoC reports may include critical information such as specific usage, test platforms, and more, providing essential insights for researchers. However, in reality, due to the variety of PoC templates across PoC platforms, PoC reports extensively suffer from information deficiency, leading to suboptimal quality and limited usefulness. Fortunately, we found that the information deficiency of PoC reports can be mitigated by completion from multiple sources that refer to the same vulnerability. In this paper, we conduct the first study on the deficiency of information in PoC reports across public platforms. We began by collecting 173,170 PoC reports from 4 different platforms and defined 8 key aspects that PoCs should contain. By integrating rule-based matching and a fine-tuned BERT-NER model for extraction of key aspects, we discovered that all PoC reports available on public platforms have at least one missing key aspect. Subsequently, we developed a multi-source information fusion method to complete the missing aspect information in PoC reports by leveraging CVE entries and related PoC reports from different sources. Finally, we successfully completed 69,583 PoC reports (40.18% of all reports).

Problem

Research questions and friction points this paper is trying to address.

Addresses PoC report information deficiency across platforms
Completes missing vulnerability aspects via multi-source fusion
Improves exploitability demonstration through cross-source insights

Innovation

Methods, ideas, or system contributions that make the work stand out.

Multi-source information fusion method
Rule-based matching and BERT-NER extraction
Completing missing aspects across PoC reports
Lingxiao Wang
Tianjin University
Wenjing Dang
Tianjin University
Mengyao Zhang
Tianjin University
Yue Wang
Tianjin University
Xianzong Wu
Tianjin University
Sen Chen
Professor, Nankai University
Software Security, Vulnerability, Malware, Software Supply Chain Security