The invention provides a software vulnerability model test method based on vulnerability models. The method comprises the following steps: 1) the vulnerability models are loaded into a flow process from a database, that is, the vulnerability models are put into a memory, and data structures of the vulnerability models are established and used for reference during analyses of programs; 2) in the previous step for testing the models, models are tested according to relevant operations of vulnerability based on functions; and 3) in the final step for testing the models, the models are tested for principal functions, the states are tested and the existence of vulnerability is reported according to relevant operations of vulnerability and the model test results in the previous step. The vulnerability model load flow is as follows: the vulnerability models consist of vulnerability state nodes and gathers with directed edges; a flow for operating transition tables retrieved according to the directed edge types is established in a memory; irrelevant operations are filtered and removed through abstracting and processing programs in an abstract manner; the operation sequence flow relative tothe vulnerability models is abstracted; and each function program feature corresponds to an operation sequence linked list.