“…To this end, tremendous efforts have been made to mitigate security risks in OSS vulnerabilities, ranging from detecting vulnerabilities in open source software via learning vulnerability features [45], [49], [50], [73], or matching vulnerability and/or patch signatures [35], [42], [47], [66], [67], to patching vulnerabilities in open source software [39], [52], [54], [69], or analyzing software composition for determining whether open source vulnerabilities are reachable through call paths in applications [58], [59], [60], [65]. In particular, vulnerability databases play a significant role in these efforts by providing valuable data (e.g., description, affected software and versions, and patches) for various vulnerability analysis tasks.…”