Abstract: With the variety and quantity of embedded devices are increasing, its security is facing a great challenges. Usually, security experts can manually identify software vulnerabilities in the firmware program of embedded devices, but manual analysis is extremely time-consuming. To solve the above problems, this paper proposes a firmware vulnerability detection method based on code attribute graph and bi-directional graph neural network, which can automatically detect software vulnerabilities in firmware programs from the source code level. In order to verify the feasibility of this method, the software vulnerability dataset collected from SARD and the real-world vulnerability dataset were experimentally verified. The experimental results show that the vulnerability detection accuracy and F1 score are up to 93.4% and 86.54%, so this method can significantly improve the detection capabilities of software vulnerabilities.