Software vulnerability management has become increasingly critical as modern systems scale in size and complexity. However, existing automated approaches remain insufficient. Traditional static analysis methods struggle to precisely capture contextual dependencies, especially when vulnerabilities span multiple functions or modules. Large language models (LLMs) often lack the ability to retrieve and exploit sufficient contextual information, resulting in incomplete reasoning and unreliable outcomes. Meanwhile, recurring vulnerabilities emerge repeatedly due to code reuse and shared logic, making historical vulnerability knowledge an indispensable foundation for effective vulnerability detection and repair. Nevertheless, prior approaches, such as clone-based detection and patch porting, have not fully leveraged this knowledge. To address these challenges, we present MAVM, a multi-agent framework for end-to-end recurring vulnerability management. MAVM integrates five components, namely a vulnerability knowledge base, detection, confirmation, repair, and validation, into a unified multi-agent pipeline. We construct the knowledge base from publicly disclosed vulnerabilities, thereby addressing the underuse of historical knowledge in prior work and mitigating the lack of domain-specific expertise in LLMs. Furthermore, we design context-retrieval tools that allow agents to extract and reason over repository-level information, overcoming the contextual limitations of previous methods. By orchestrating these agents, MAVM effectively simulates real-world security workflows. To evaluate the performance of MAVM, we construct a dataset containing 78 real-world patch-porting cases (covering 114 function-level migrations). On this dataset, MAVM successfully detects and repairs 51 real vulnerabilities, outperforming baselines by 31.9%-45.2% in repair accuracy, which demonstrates its effectiveness.