With the dramatic increase in the number and size of software in the industry, tremendous research has been studied to automatically detect vulnerabilities. However, existing detection methods have limitations in code semantic modeling and detection granularity, which makes them unable to meet the requirements of high accuracy and fine granularity at the same time. In this paper, we propose a general framework, namely VulDL, which can effectively identify whether a given code snippet has a vulnerability and lo-cate the specific code line where the vulnerability resides. VulDL first represents the source code as a novel semantic data structure, namely the adapted code property graph. After that, tree-based and graph-based neural networks are designed, which learn features according to the hierarchies and neighborhoods, and further realize vulnerability identification and localization. Our evaluation shows that VulDL achieves F1-scores of 98.68% and 94.85% in the identification of buffer error and resource management error vulnerabilities and 97.73% on their combined vulnerabilities. On the FFmpeg+QEMU dataset, VulDL achieves an F1-score of 59.62%, which is more effective than existing methods. Besides, VulDL can locate vulnerabilities at the statement granularity with F1-scores of 97.88%, 98.31%, and 99.16% on the evaluated datasets.