The invention relates to a source code vulnerability automatic detection method based on a graph convolution network. In the training phase, carrying out data acquisition and data preprocessing; judging whether the source code is called by a sink method or not; calling a sink method to perform data flow analysis, constructing a code attribute graph, calculating an adjacent matrix and a feature matrix of the code attribute graph, labeling the code attribute graph, taking the adjacent matrix and the feature matrix in the code attribute graph as input of a graph convolution network, and trainingthe graph convolution network to obtain a trained network model; in the test stage, carrying out data acquisition and data preprocessing; judging whether the source code is called by a sink method ornot; and performing data flow analysis, constructing a code attribute graph, calculating an adjacent matrix and a feature matrix of the code attribute graph, inputting the trained graph convolutionalnetwork model, outputting a classification result of the code attribute graph, and representing whether the code attribute graph has vulnerabilities or not, i.e., whether the corresponding sink methodcall contains the vulnerabilities or not.