“…In this work, following prior works [6], [10], we formulate the problem of library identification from vulnerability reports as an XML problem, where vulnerability reports and possible libraries, which can be enumerated from package managers, e.g., npm, pypi,... are considered documents and labels, respectively. If security researchers believe that particular versions of the libraries are noteworthy [6], the vulnerability report may be labelled with specific versions of the affected library (e.g.…”