Traditional vulnerability detection methods suffer from low efficiency, high false-positive rates, and inadequate scalability to modern software’s structural and semantic complexity. Method: This paper presents a systematic review of large language models (LLMs) for software vulnerability detection, introducing the first unified analytical framework covering model architectures (e.g., CodeBERT, GPT), adaptation techniques (prompt engineering, supervised fine-tuning, retrieval-augmented generation), multilingual support, evaluation methodologies, and dataset curation. Contribution/Results: The review identifies strengths and limitations across existing approaches, uncovers cross-study commonalities, and proposes novel solutions: (i) an interpretability-enhancing strategy for low-resource settings, and (ii) a scalable, extensible dataset construction pipeline. It further establishes three emerging research directions—cross-language vulnerability detection, multimodal fusion, and repository-level analysis. The work delivers the field’s first structured, living review, accompanied by an open-source, continuously updated bibliography on GitHub—providing a theoretical foundation, practical guidance, and open resources for LLM-driven security analysis.

Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection, addressing critical challenges in the security domain. Traditional methods, such as static and dynamic analysis, often falter due to inefficiencies, high false positive rates, and the growing complexity of modern software systems. By leveraging their ability to analyze code structures, identify patterns, and generate repair sugges- tions, LLMs, exemplified by models like GPT, BERT, and CodeBERT, present a novel and scalable approach to mitigating vulnerabilities. This paper provides a detailed survey of LLMs in vulnerability detection. It examines key aspects, including model architectures, application methods, target languages, fine-tuning strategies, datasets, and evaluation metrics. We also analyze the scope of current research problems, highlighting the strengths and weaknesses of existing approaches. Further, we address challenges such as cross-language vulnerability detection, multimodal data integration, and repository-level analysis. Based on these findings, we propose solutions for issues like dataset scalability, model interpretability, and applications in low-resource scenarios. Our contributions are threefold: (1) a systematic review of how LLMs are applied in vulnerability detection; (2) an analysis of shared patterns and differences across studies, with a unified framework for understanding the field; and (3) a summary of key challenges and future research directions. This work provides valuable insights for advancing LLM-based vulnerability detection. We also maintain and regularly update latest selected paper on https://github.com/OwenSanzas/LLM-For-Vulnerability-Detection