Vul-RAG: Enhancing LLM-based Vulnerability Detection via Knowledge-level RAG

2024 | Xueying Du, Geng Zheng, Kaixin Wang, Jiayi Feng, Wentai Deng, Mingwei Liu, Bihuan Chen, Xin Peng, Tao Ma, Yiling Lou
Vul-RAG is a novel LLM-based vulnerability detection technique that leverages knowledge-level retrieval-augmented generation (RAG) to detect vulnerabilities in code. The method consists of three phases: (1) constructing a vulnerability knowledge base by extracting multi-dimension knowledge (functional semantics, causes, and fixing solutions) from existing CVE instances using LLMs; (2) retrieving relevant vulnerability knowledge from the constructed knowledge base based on functional semantics for a given code snippet; and (3) using LLMs to check the vulnerability of the code snippet by reasoning about the presence of vulnerability causes and fixing solutions of the retrieved knowledge. The proposed technique outperforms existing baselines in accuracy and pairwise accuracy, achieving 12.96% and 110% improvements, respectively. A user study shows that the vulnerability knowledge generated by Vul-RAG improves manual detection accuracy from 0.60 to 0.77. The evaluation results confirm the effectiveness of the knowledge-level RAG framework in enhancing both automated and manual vulnerability detection. The benchmark PairVul, containing 4,314 pairs of vulnerable and patched code functions across 2,073 CVEs, was constructed to evaluate the techniques. The results show that existing learning-based techniques have limited effectiveness in distinguishing similar code pairs, highlighting the need for better understanding of code semantics. The proposed method addresses this by leveraging high-level vulnerability knowledge to improve detection accuracy. The evaluation also demonstrates that the knowledge-level RAG framework provides high-quality explanations that are useful for developers in understanding vulnerable or non-vulnerable code. 
The results indicate that capturing subtle semantic differences is challenging, and future work should focus on improving the knowledge base to address this limitation.
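To make the pipeline concrete, here is an added illustration (not the authors' code and not PairVul data): a token-overlap stand-in for the functional-semantics retrieval of phase (2), and the accuracy versus pairwise-accuracy scoring that the summary above relies on. All knowledge entries, code pairs, CVE ids and the "judge" functions are constructed placeholders.

```python
"""Knowledge-level retrieval and PairVul-style scoring.
Added illustration, not the Vul-RAG authors' code; every entry, pair and id below is constructed."""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class VulKnowledge:
    cve_id: str                 # placeholder id of the CVE the entry was distilled from
    functional_semantics: str   # what the vulnerable function does (abstract purpose)
    cause: str                  # why the code is vulnerable
    fix: str                    # how the patch removes the cause


# Constructed knowledge base (real Vul-RAG entries are LLM-extracted from CVE patches)
KNOWLEDGE_BASE = [
    VulKnowledge("CVE-PLACEHOLDER-1",
                 "copies a caller-supplied number of bytes from a source into a fixed-size stack buffer",
                 "the copy length is not checked against the destination buffer size",
                 "reject or clamp lengths larger than the destination buffer before copying"),
    VulKnowledge("CVE-PLACEHOLDER-2",
                 "dereferences a pointer argument to read a configuration value",
                 "the pointer is not checked for NULL before use",
                 "return an error when the pointer is NULL"),
]

# Constructed (vulnerable, patched) pairs in the spirit of PairVul
PAIRS = [
    ("void f(char *src, size_t len) { char buf[64]; memcpy(buf, src, len); }",
     "void f(char *src, size_t len) { char buf[64]; if (len > sizeof buf) return; memcpy(buf, src, len); }"),
    ("int g(int *p) { return *p; }",
     "int g(int *p) { if (!p) return -1; return *p; }"),
]


def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9_]+", text.lower()))


def retrieve(query_semantics: str, kb: List[VulKnowledge], top_k: int = 2) -> List[VulKnowledge]:
    """Rank entries by Jaccard overlap of functional-semantics descriptions.
    Stands in for the embedding-based retrieval of phase (2); drops entries with no overlap."""
    q = _tokens(query_semantics)
    scored = [(len(q & _tokens(k.functional_semantics)) / len(q | _tokens(k.functional_semantics)), k)
              for k in kb]
    scored.sort(key=lambda s: s[0], reverse=True)
    return [k for score, k in scored[:top_k] if score > 0]


def pairwise_metrics(pairs: List[Tuple[str, str]], judge: Callable[[str], bool]) -> Tuple[float, float]:
    """judge(code) -> True if judged vulnerable. Accuracy scores each function alone; pairwise
    accuracy credits a pair only when BOTH members are right, exposing judges that cannot tell them apart."""
    correct = pair_correct = 0
    for vuln, patched in pairs:
        v_ok, p_ok = judge(vuln) is True, judge(patched) is False
        correct += v_ok + p_ok
        pair_correct += v_ok and p_ok
    return correct / (2 * len(pairs)), pair_correct / len(pairs)
```

A judge that flags every function as vulnerable scores 0.5 accuracy but 0.0 pairwise accuracy on these pairs, which is the gap the benchmark is designed to expose.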