Instructions to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with PEFT:

from peft import PeftModel
from transformers import AutoModelForCausalLM

base_model = AutoModelForCausalLM.from_pretrained("unsloth/gemma-4-E2B-it")
model = PeftModel.from_pretrained(base_model, "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector")

Transformers

How to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoModel
model = AutoModel.from_pretrained("ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector", dtype="auto")

Notebooks
Google Colab
Kaggle
Local Apps

vLLM

How to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector

SGLang

How to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Unsloth Studio new

How to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with Unsloth Studio:

Install Unsloth Studio (macOS, Linux, WSL)

curl -fsSL https://unsloth.ai/install.sh | sh
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector to start chatting

Install Unsloth Studio (Windows)

irm https://unsloth.ai/install.ps1 | iex
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector to start chatting

Using HuggingFace Spaces for Unsloth

# No setup required
# Open https://huggingface.co/spaces/unsloth/studio in your browser
# Search for ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector to start chatting

Load model with FastModel

pip install unsloth
from unsloth import FastModel
model, tokenizer = FastModel.from_pretrained(
    model_name="ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector",
    max_seq_length=2048,
)

Docker Model Runner
How to use ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector with Docker Model Runner:
```
docker model run hf.co/ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector
```

Model Card for gemma-4-vulnerability-detector

Model Details

Model Description

gemma-4-vulnerability-detector is a fine-tuned large language model designed for software vulnerability detection and secure code analysis. The model is based on unsloth/gemma-4-E2B-it and fine-tuned using LoRA (Low-Rank Adaptation) techniques on a custom cybersecurity dataset focused on identifying vulnerable code patterns.

The model is intended to assist developers, researchers, cybersecurity engineers, and students in identifying potential software vulnerabilities in source code. It can analyze code snippets and provide vulnerability-related insights, making it useful for secure software development workflows, educational purposes, and AI-assisted code review systems.

The model was trained on an unbalanced vulnerability detection dataset containing vulnerable and non-vulnerable code samples across different programming scenarios.

Developed by: Chamara Vishwajith Rajapaksha
Model type: Causal Language Model (LLM) fine-tuned for code vulnerability detection
Language(s) (NLP): English
License: Gemma License / Check base model license
Finetuned from model: unsloth/gemma-4-E2B-it

Model Sources

Base Model Repository: urlunsloth/gemma-4-E2B-ithttps://huggingface.co/unsloth/gemma-4-E2B-it
Model Repository: urlChamaraVishwajithRajapaksha/gemma-4-vulnerability-detectorhttps://huggingface.co/ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector
Dataset: urlCode-Vulnerability-FineTune Datasethttps://huggingface.co/datasets/ChamaraVishwajithRajapaksha/Code-Vulnerability-FineTune

Uses

Direct Use

This model can be used directly for:

Software vulnerability detection
Secure code review assistance
Educational demonstrations for cybersecurity learning
AI-assisted static code analysis
Research in AI-based software security
Identifying insecure coding patterns

Example tasks include:

Detecting SQL injection vulnerabilities
Identifying unsafe memory handling patterns
Recognizing insecure authentication logic
Finding hardcoded secrets or unsafe API usage
General secure coding recommendations

Downstream Use

The model can be integrated into:

IDE extensions
CI/CD security pipelines
Secure coding assistants
Vulnerability scanning tools
Research systems for software security
AI-powered code review platforms

Out-of-Scope Use

This model is not intended for:

Fully automated security auditing without human verification
Production-critical security decisions without expert review
Malware generation or offensive cybersecurity activities
Exploit development or attack automation
Replacing professional penetration testing or secure code review

The model may produce false positives or false negatives and should always be used with human oversight.

Bias, Risks, and Limitations

This model was trained on an unbalanced dataset, which may introduce bias toward more frequent vulnerability classes or coding patterns. Performance may vary across programming languages, frameworks, and vulnerability categories.

Potential limitations include:

False positives in vulnerability detection
Missed vulnerabilities in complex codebases
Reduced performance on unseen programming languages
Sensitivity to prompt quality and code formatting
Hallucinated explanations or security recommendations

The model should be used as an assistant tool rather than a final security authority.

Recommendations

Users should:

Validate outputs using traditional security analysis tools
Combine results with manual code review
Avoid relying solely on the model for production security decisions
Continuously evaluate model outputs for correctness
Use updated datasets and fine-tuning methods for future improvements

How to Get Started with the Model

from transformers import AutoTokenizer, AutoModelForCausalLM

model_name = "ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector"

tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForCausalLM.from_pretrained(model_name)

prompt = """
Analyze the following code for security vulnerabilities:

user_input = request.GET['id']
query = "SELECT * FROM users WHERE id = '" + user_input + "'"
"""

inputs = tokenizer(prompt, return_tensors="pt")
outputs = model.generate(**inputs, max_new_tokens=200)

print(tokenizer.decode(outputs[0], skip_special_tokens=True))

Training Details

Training Data

The model was fine-tuned using the following dataset:

urlCode-Vulnerability-FineTune Datasethttps://huggingface.co/datasets/ChamaraVishwajithRajapaksha/Code-Vulnerability-FineTune

Dataset characteristics:

Vulnerable and non-vulnerable code samples
Security-focused instruction tuning format
Multiple software vulnerability patterns
Unbalanced class distribution
Code analysis and classification tasks

Training Procedure

The model was fine-tuned using Supervised Fine-Tuning (SFT) with LoRA adapters.

Preprocessing

Training samples were converted into instruction-response format suitable for conversational fine-tuning. Code snippets and vulnerability descriptions were tokenized using the Gemma tokenizer.

Training Hyperparameters

Base Model: unsloth/gemma-4-E2B-it
Fine-Tuning Method: LoRA
Frameworks: Transformers, TRL, PEFT, Unsloth
Training regime: Mixed precision training
PEFT Version: 0.19.1

Speeds, Sizes, Times

Training completed on GPU-based infrastructure
Final model includes LoRA adapter weights
Optimized for efficient inference and fine-tuning

Evaluation

Testing Data, Factors & Metrics

Testing Data

The evaluation used held-out samples from the vulnerability detection dataset and manually inspected examples.

Factors

Evaluation factors included:

Vulnerability detection capability
Response quality
Security reasoning quality
Generalization to unseen code samples

Metrics

Evaluation considered:

Detection accuracy
Precision and recall
Response consistency
Human qualitative analysis

Results

The model demonstrated promising performance in identifying common software vulnerabilities and providing security-focused explanations for insecure code patterns.

The model performs best on:

Common web security vulnerabilities
Basic insecure coding practices
Instruction-following vulnerability analysis tasks

Performance may decrease on:

Highly obfuscated code
Rare vulnerability categories
Complex multi-file software systems

Model Examination

The model exhibits improved vulnerability reasoning capabilities compared to the base model for cybersecurity-focused prompts. Further benchmarking against dedicated static analysis tools and security datasets is recommended.

Environmental Impact

Carbon emissions can be estimated using the Machine Learning Impact calculator.

Hardware Type: NVIDIA GPU
Hours used: Multiple training hours
Cloud Provider: Local / Custom Infrastructure
Compute Region: Sri Lanka
Carbon Emitted: Not calculated

Technical Specifications

Model Architecture and Objective

The model is based on the Gemma architecture and fine-tuned for vulnerability detection and secure code understanding using parameter-efficient fine-tuning techniques.

Compute Infrastructure

Hardware

NVIDIA GPU infrastructure
CUDA-enabled training environment

Software

Python
PyTorch
Transformers
TRL
PEFT
Unsloth

Citation

BibTeX

@misc{gemma4_vulnerability_detector,
  title={gemma-4-vulnerability-detector},
  author={Chamara Vishwajith Rajapaksha},
  year={2026},
  publisher={Hugging Face},
  howpublished={\url{https://huggingface.co/ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector}}
}

APA

Rajapaksha, C. V. (2026). gemma-4-vulnerability-detector [Machine learning model]. Hugging Face. https://huggingface.co/ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector

More Information

This project was developed as part of research and experimentation in AI-assisted cybersecurity and software vulnerability detection.

Future improvements may include:

Balanced vulnerability datasets
Multi-language code support
Benchmark-based evaluation
Integration with static analysis tools
Agentic AI workflows for secure software engineering

Model Card Authors

Chamara Vishwajith Rajapaksha

Model Card Contact

For questions, collaboration, or research discussions, contact through the Hugging Face profile:

urlChamaraVishwajithRajapaksha Profilehttps://huggingface.co/ChamaraVishwajithRajapaksha

Framework Versions

PEFT 0.19.1
Transformers
TRL
Unsloth
PyTorch

Downloads last month: 32

Model tree for ChamaraVishwajithRajapaksha/gemma-4-vulnerability-detector

Base model

google/gemma-4-E2B

Finetuned

google/gemma-4-E2B-it

Finetuned

unsloth/gemma-4-E2B-it

Adapter

(30)

this model