Leopo1d/OpenVul-Qwen3-4B-SFT-ep5

Text Generation | Concurrency Cost: 1 | Model Size: 4B | Quant: BF16 | Ctx Length: 32k | Tool Calling: Supported | Published: Feb 14, 2026 | License: apache-2.0 | Architecture: Transformer | Open Weights | Warm

Leopo1d/OpenVul-Qwen3-4B-SFT-ep5 is a Qwen3-based language model fine-tuned for vulnerability detection in C/C++ code. This model specializes in identifying security flaws by analyzing inter-procedural contexts rather than isolated functions. It was trained using rejection sampling on high-quality vulnerability reasoning Chain-of-Thought (CoT) data to establish security expertise and instruction-following capabilities. Its primary use is for precise, evidence-based analysis of code vulnerabilities, focusing on Common Weakness Enumeration (CWE) standards.

OpenVul-Qwen3-4B-SFT-ep5: Vulnerability Detection Model

Leopo1d/OpenVul-Qwen3-4B-SFT-ep5 is a specialized language model built upon the Qwen3 architecture and fine-tuned for vulnerability detection in C/C++ code. Its core strength is analyzing security flaws in their broader context, including global variables, type definitions, and callee functions, rather than in isolated functions alone.
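To make the point about context concrete, the following C sample is an added illustration, not code from the model card or the OpenVul project; every identifier in it (struct user, MAX_INPUT, clamp_len, set_name_*) is constructed. The copy looks bounded when the function is read alone and is only recognizable as an out-of-bounds write (CWE-787) once the type definition and the callee are in view.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample for illustration; all names here are hypothetical. */
#define MAX_INPUT 64                  /* global limit used by the callee */

struct user {                         /* type definition: the real bound */
    char name[32];
    int  is_admin;                    /* adjacent field, must stay intact */
};

/* Callee: clamps to MAX_INPUT, not to the size of user.name. */
static size_t clamp_len(size_t n) {
    return n < MAX_INPUT ? n : MAX_INPUT;
}

/* Read alone, this looks bounded. With struct user and clamp_len() in
 * view, len can reach 64 while name holds 32 bytes: CWE-787. */
void set_name_vulnerable(struct user *u, const char *src) {
    size_t len = clamp_len(strlen(src));
    memcpy(u->name, src, len);
    u->name[len] = '\0';
}

/* Hardened: bound by the destination itself and report truncation. */
int set_name_fixed(struct user *u, const char *src) {
    size_t cap = sizeof(u->name) - 1;
    size_t len = strlen(src);
    int truncated = len > cap;
    if (truncated)
        len = cap;
    memcpy(u->name, src, len);
    u->name[len] = '\0';
    return truncated;                 /* 0 = stored whole, 1 = truncated */
}

/* Largest write the vulnerable path can perform, for comparison
 * against sizeof(name): copied bytes plus the terminator. */
size_t vulnerable_max_write(void) {
    return clamp_len((size_t)-1) + 1;
}
```

A detector given only `set_name_vulnerable` has no evidence for the size of `name` or the value `clamp_len` returns; supplying the struct and the callee is what makes the finding evidence-based.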

Key Capabilities & Features

  • Context-Aware Vulnerability Detection: Unlike models that might only analyze individual functions, OpenVul-Qwen3-4B-SFT-ep5 leverages inter-procedural contexts for more accurate and comprehensive vulnerability identification.
  • Security Expertise: Fine-tuned on high-quality vulnerability reasoning Chain-of-Thought (CoT) data, it possesses basic security expertise and strong instruction-following capabilities.
  • Rejection Sampling Training: The model was trained using rejection sampling, a method chosen to prevent "ground-truth leakage" and reasoning hallucinations, ensuring robust and reliable analysis.
  • CWE Standard Focus: It is designed to provide precise, evidence-based analysis, clearly labeling detected vulnerabilities with Common Weakness Enumeration (CWE) identifiers.

Good For

  • Automated Code Security Analysis: Ideal for developers and security researchers needing to automatically identify potential security vulnerabilities in C/C++ codebases.
  • Integrating Security Checks: Can be integrated into CI/CD pipelines or development workflows to provide early detection of security flaws.
  • Educational & Research Purposes: Useful for studying and understanding vulnerability patterns and the application of LLMs in code security.

For optimal inference, specific vLLM parameters are recommended, including enable_thinking=True, n=8, and a detailed system and user prompt template designed for vulnerability analysis.