An Offline, Multi-Language Code Vulnerability Detection Plugin with Graph Neural Networks and LLM-Guided Explanations
Abstract
“Detection of security vulnerabilities early is not a security measure but a basic need for trustworthy software systems”. Since software systems handle sensitive data, early detection of security defects is needed to prevent misuse of information, financial loss and system compromise. Many tools are used for this purpose, such as SonarQube, Fortify Static Code Analyzer, GitHub Copilot and CodeQL. The problem is that these are either static analysis tools or cloud-based. Static code analysis tools are rule-based, resulting in high false-positive rates and a lack of adaptability, which makes them inefficient for real-time use. Cloud-based tools, on the other hand, are expensive, lack offline capability and raise privacy issues. Hence, our paper focuses on building a free, offline, privacy-preserving, real-time VSCode plugin with multi-language support and LLM-guided explanations. Inspired by the counterfactual data augmentation framework proposed in VISION, we extend its idea into a real-time working plugin that integrates a Graph Neural Network with LLM-guided explanations, focusing on offline operation, multi-language support (currently working for C, C++ and Java, but extensible in future) and privacy concerns. The VISION framework uses counterfactual augmentation to enhance model robustness and improve vulnerability classification performance. Experimental evaluation demonstrates competitive detection accuracy with low inference latency, making the system relevant for real-time IDE integration. The results indicate that combining graph-based learning with counterfactual augmentation and local LLM explanations provides a practical, privacy-preserving solution for secure software development. Additionally, the explainability and validation modules significantly improve the actionability of results, increasing developer trust and efficiency.