TF-IDF Pre-rank bge-code-v1 / Voyage AI LightGBM LTR
GitHub

Find the Security Patch for Any CVE

SPFinder uses a three-phase pipeline — BM25 pre-ranking, hierarchical embedding reranking, and learning-to-rank — to trace vulnerability patches from commit history.

TF-IDF Pre-rank
Top 50 candidates
🧠
bge-code-v1 / Voyage AI
Top 25 reranked
🎯
LightGBM LTR
Top 10 (precomputed)

Query

Why does this matter?
This server has limited RAM (3.8 GB). To prevent Elasticsearch OOM errors, repos not in local storage are cloned and indexed only within a ±24-month window around the CVE date (18 months before → 6 months after). Without a date, the system falls back to the latest 500 commits, which may miss the relevant patch. Providing the CVE date gives the most accurate search scope.
Searching…
ℹ️ Showing precomputed results from the SPFinder evaluation dataset.
1
TF-IDF Pre-rank
Pre-ranking · tfidf

Run a search to see BM25+Time ranked commits

2
Embedding Reranking
bge-code-v1 / Voyage AI
🧠

Top 25 will appear after BM25 pre-ranking

3
LTR Final Ranking
LightGBM · LambdaRank
🎯

Top 10 final patches will appear here