Open source software (OSS) vulnerabilities threaten the security of the software systems that use OSS. Vulnerability databases provide valuable information (e.g., the vulnerable version and the patch) for mitigating OSS vulnerabilities, and there is growing concern about the quality of the information these databases hold. However, it is unclear how good the patch information in existing vulnerability databases actually is, and existing manual or heuristic-based approaches to patch tracking are either too expensive or too specific to apply to all OSS vulnerabilities.