Software Vulnerability Analysis Across Programming Language and Program Representation Landscapes: A Survey

📅 2025-03-26
🤖 AI Summary
Current cross-language software vulnerability detection research lacks systematic comparative analysis, and the interrelationships among programming languages, program representations, vulnerability types, and analysis techniques—and associated domain limitations—remain poorly understood. To address this, we propose the first unified analytical framework encompassing multiple programming languages, abstraction levels (source code, intermediate representation, and binary), vulnerability categories (e.g., memory corruption, injection, logic flaws), and detection paradigms (static/dynamic analysis, symbolic execution, ML-driven methods). Leveraging bibliometric analysis, taxonomy modeling, and cross-study comparison, we identify common technical challenges and critical methodological gaps. Our work yields a comprehensive technology landscape and pinpoints twelve key research gaps, thereby providing theoretical foundations and practical guidance for designing cross-language vulnerability detection tools, establishing evaluation benchmarks, and charting future research directions.

📝 Abstract
Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks, causing substantial harm to users and cyberinfrastructure. Since many of these flaws originate from the code itself, a variety of techniques have been proposed to detect and mitigate them prior to software deployment. However, a comprehensive comparative study that spans different programming languages, program representations, bug types, and analysis techniques is still lacking. As a result, the relationships among programming languages, abstraction levels, vulnerability types, and detection approaches remain fragmented, and the limitations and research gaps across the landscape are not clearly understood. This article aims to bridge that gap by systematically examining widely used programming languages, levels of program representation, categories of vulnerabilities, and mainstream detection techniques. The survey provides a detailed understanding of current practices in vulnerability discovery, highlighting their strengths, limitations, and distinguishing characteristics. Furthermore, it identifies persistent challenges and outlines promising directions for future research in the field of software security.
Problem

Research questions and friction points this paper is trying to address.

Analyzing software vulnerabilities across diverse programming languages
Comparing detection techniques for different vulnerability types
Identifying research gaps in software security analysis methods
Innovation

Methods, ideas, or system contributions that make the work stand out.

Survey across diverse programming languages
Analyzes multiple program representation levels
Compares mainstream vulnerability detection techniques

Zhuoyun Qian
Montana State University, USA

Fangtian Zhong
Assistant Prof. @ Montana State University
Software Security, System Security

Qin Hu
Georgia State University, USA

Yili Jiang
Georgia State University, USA

Jiaqi Huang
University of Central Missouri
Cybersecurity, IoV

Mengfei Ren
Assistant Professor of CS at Baylor University
Software Testing, Cybersecurity, Fuzzing, IoT Wireless Protocol

Jiguo Yu
University of Electronic Science and Technology of China, China