To address the security challenge of delayed vulnerability discovery and consequent exploitation in open-source software, this paper proposes a lightweight method for automatic identification of vulnerability-related GitHub Issues based on issue text. First, we construct the first domain-specific, manually annotated dataset for fine-grained classification of vulnerability-related Issues. Second, we design a Transformer-based supervised text classification framework incorporating domain-adapted feature engineering and a multi-model comparative evaluation strategy. Experiments demonstrate high-precision identification (F1 > 0.89) on our curated dataset, significantly reducing the vulnerability exposure window and enhancing the security response efficiency of the open-source ecosystem. Our core contributions are: (1) releasing the first fine-grained, vulnerability-Issue classification dataset; and (2) empirically validating the effectiveness and scalability of lightweight Transformer architectures for early-stage threat detection in open-source development contexts.

In today's digital landscape, the importance of timely and accurate vulnerability detection has significantly increased. This paper presents a novel approach that leverages transformer-based models and machine learning techniques to automate the identification of software vulnerabilities by analyzing GitHub issues. We introduce a new dataset specifically designed for classifying GitHub issues relevant to vulnerability detection. We then examine various classification techniques to determine their effectiveness. The results demonstrate the potential of this approach for real-world application in early vulnerability detection, which could substantially reduce the window of exploitation for software vulnerabilities. This research makes a key contribution to the field by providing a scalable and computationally efficient framework for automated detection, enabling the prevention of compromised software usage before official notifications. This work has the potential to enhance the security of open-source software ecosystems.