The invention provides a vulnerability detection method and a system based on path tracing, wherein the method comprises the following steps: for a current test case, obtaining a first running path generated when the current test case runs in a program to be detected; the first running path is matched with the preset vulnerability path. If the first running path matches the preset vulnerability path exactly, the vulnerability in the program to be detected is detected according to the current test case. The method and the system take a preset vulnerability path as a standard, if and only if thefirst run path generated when a current test case runs in the program to be detected matches the preset vulnerability path exactly, to determine that the current test case is a test case capable of triggering a vulnerability in the program to be detected, the final test cases can effectively detect the vulnerabilities in the program to be detected, which overcomes the problem that the existing fuzzy testing tools are difficult to ensure the effective detection of vulnerabilities, and to some extent improves the efficiency of vulnerability detection.