exploitintel/cve-cwe-qwen3-32b

Hugging Face
Text generation | Concurrency Cost: 2 | Model Size: 32B | Quant: FP8 | Ctx Length: 32k | Tool Calling: Supported | Published: May 30, 2026 | License: apache-2.0 | Architecture: Transformer | Open Weights | Warm

The exploitintel/cve-cwe-qwen3-32b model is a QLoRA fine-tune of Qwen3-32B, developed by exploitintel, designed to map free-text CVE descriptions to corresponding CWE weakness IDs. This 32-billion parameter model excels at classifying vulnerabilities, particularly on rare or long-tail CWEs and cases requiring inference, achieving a micro-F1 of 0.729 on held-out test data. It is specifically optimized for vulnerability analysis, providing CWE IDs as output for given CVE descriptions.

Overview

exploitintel/cve-cwe-qwen3-32b is a QLoRA fine-tuned version of the Qwen3-32B base model, specifically engineered by exploitintel to classify Common Vulnerabilities and Exposures (CVE) descriptions into Common Weakness Enumeration (CWE) IDs. The model's adapter is merged into the base and released in 16-bit for direct loading with transformers.

Key Capabilities & Performance

  • CVE to CWE Mapping: Accurately translates free-text CVE descriptions into one or more CWE IDs.
  • High Accuracy: Achieves an exact-match score of 0.707 and a micro-F1 score of 0.729 on a held-out test set of 6,802 rows.
  • Improved Inference: Demonstrates significant gains on "hard" cases where the weakness must be inferred, with an exact-match of 0.636 and micro-F1 of 0.657.
  • Rare CWE Handling: Shows strong performance on macro-F1 (0.595), indicating proficiency with rare or long-tail CWEs.
  • Low Hallucination: Rarely predicts non-existent CWEs, maintaining a conservative and reliable output.

Training Details

The model was fine-tuned using QLoRA (4-bit) with Unsloth on the exploitintel/cve-cwe-consensus dataset, which comprises 69,386 rows where NVD and CNA agree on CWE labels after roll-up to CWE View-1003. Training involved 2 epochs with a context length of 512.

Usage & Limitations

Designed for vulnerability analysts, it outputs comma-separated CWE IDs given a CVE description. A Q4_K_M GGUF variant is also available for local execution, requiring approximately 24 GB VRAM. The model is English-only, processes descriptions exclusively, and should be used as a triage/assist aid, not for authoritative CWE assignments without human review.
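
An added example (not code from exploitintel or from this page): it parses comma-separated output into CWE IDs, sets aside malformed or unknown IDs for human review, and computes exact-match, micro-F1 and macro-F1 on constructed rows to show why macro-F1 drops when rare CWEs are missed. The KNOWN list, the sample rows and the choice to average macro-F1 over every label seen in gold or predictions are assumptions, not the model's evaluation script.

```python
import re
from collections import Counter

# Constructed subset of CWE IDs for the demo, not the full View-1003 list.
KNOWN = {"CWE-22", "CWE-79", "CWE-89", "CWE-416", "CWE-787"}
CWE_RE = re.compile(r"CWE-(\d+)", re.IGNORECASE)

def parse_cwes(text, known=KNOWN):
    """Split comma-separated output into (accepted IDs, tokens needing review)."""
    accepted, rejected = set(), []
    for tok in (t.strip() for t in text.split(",")):
        if not tok:
            continue
        m = CWE_RE.fullmatch(tok)
        cwe = f"CWE-{int(m.group(1))}" if m else None
        if cwe in known:
            accepted.add(cwe)
        else:
            rejected.append(tok)  # malformed or unknown ID: route to an analyst
    return accepted, rejected

def f1(tp, fp, fn):
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def score(gold, pred):
    """Exact-match, micro-F1 and macro-F1 over multi-label rows (sets of IDs)."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for g, p in zip(gold, pred):
        tp.update(g & p); fp.update(p - g); fn.update(g - p)
    labels = set(tp) | set(fp) | set(fn)  # assumption: average over labels seen
    return {
        "exact_match": sum(g == p for g, p in zip(gold, pred)) / len(gold),
        "micro_f1": f1(sum(tp.values()), sum(fp.values()), sum(fn.values())),
        "macro_f1": sum(f1(tp[c], fp[c], fn[c]) for c in labels) / len(labels),
    }

# Constructed rows: gold labels and raw model-style output strings.
GOLD = [{"CWE-79"}, {"CWE-79"}, {"CWE-89"}, {"CWE-416"}]
RAW = ["CWE-79", "cwe-79, CWE-89", "CWE-89", "CWE-787, CWE-99999"]

def demo():
    parsed = [parse_cwes(r) for r in RAW]
    review = [tok for _, rej in parsed for tok in rej]
    return score(GOLD, [acc for acc, _ in parsed]), review

if __name__ == "__main__":
    print(demo())
```

On these rows the frequent CWE-79 is always found while the single CWE-416 row is missed, so micro-F1 stays well above macro-F1.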