Abstract: Software vulnerabilities are the main cause of various network security events, and they have received continuous and extensive attention from security research institutions, academic groups and enterprises. With the expansion of software scale and the development of new technology, researchers in the software vulnerability mining field are facing new challenges. However, it has been found that machine learning models applied to vulnerability mining can automatically learn the deep syntax and semantic rules of code. This method has been proved to effectively improve the intelligence level and effectiveness of vulnerability mining. In this review, we conducted an extensive and in-depth investigation and analysis of vulnerability mining technology combined with machine learning methods, especially deep learning methods. First, the static vulnerability mining methods based on machine learning were analyzed from three aspects: code metrics, code patterns, and code similarity. Then, the application of machine learning in dynamic vulnerability mining was summarized and discussed. Finally, based on the summary of existing research, the challenges of machine-learning-based vulnerability mining were proposed, and future trends were presented.