Top10 publishers:
bobrov 117
sp1d3rs 86
geeknik 84
linkks 75
jobert 70
nyymi 65
someonenobbd 62
ooooooo_q 54
guido 50
haxta4ok00 49
The unofficial HackerOne disclosure timeline.

curl disclosed a bug submitted by stif
Telnet Suboption Buffer Pointer Underflow in lib/telnet.c leads to Out-of-Bounds Read
29 Dec 2025

curl disclosed a bug submitted by onevone
CrossLayer State Confusion in libcurl: Credential & KeyMaterial Persistence Across Redirect / Connection Reuse Boundaries
28 Dec 2025

curl disclosed a bug submitted by efrsxcv
WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers
28 Dec 2025

curl disclosed a bug submitted by efrsxcv
Heap Buffer Over-read in lib/http2.c (on_header) handling PUSH_PROMISE frames
28 Dec 2025

curl disclosed a bug submitted by efrsxcv
CRLF Injection / Protocol Smuggling in libcurl via CURLOPT_USERNAME (IMAP)
28 Dec 2025

curl disclosed a bug submitted by 0x0000nosfu
HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion
27 Dec 2025

curl disclosed a bug submitted by y_security
Security hardening: missing integer overflow check in curl_load_library()
27 Dec 2025

curl disclosed a bug submitted by 0x0000nosfu
Protocol Smuggling / CRLF Injection via Gopher Protocol allows Arbitrary Command Injection
25 Dec 2025

curl disclosed a bug submitted by vovohelo
Integer Overflow in `curl_easy_escape()` may lead to heap buffer overflow and stack memory disclosure on 32-bit platforms
25 Dec 2025

curl disclosed a bug submitted by pwnie
Public-suffix cookie injection when libpsl is disabled
25 Dec 2025

curl disclosed a bug submitted by strokep
Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response
25 Dec 2025

Nextcloud disclosed a bug submitted by waloodi109
tabnabbing in roundcube webmail
24 Dec 2025

curl disclosed a bug submitted by anonymous_237
HAProxy Connection Reuse leads to IP Spoofing and mTLS Context Smuggling
23 Dec 2025

curl disclosed a bug submitted by pwnie
libcurl WebSocket handshake accepts any Sec-WebSocket-Accept
23 Dec 2025

Nextcloud disclosed a bug submitted by lauritz
[nextcloud/mail] Blind SSRF to Internal Network via "List-Unsubscribe" SMTP Header when allow_local_remote_servers is allowed
23 Dec 2025

Basecamp disclosed a bug submitted by brumbelow
Link unfurling calls out to arbitrary URLs and the private-network guard misses link-local addresses
22 Dec 2025

curl disclosed a bug submitted by herdiyanitdev
Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes
21 Dec 2025

curl disclosed a bug submitted by herdiyanitdev
A logic error in detect_proxy caused truncation of environment variable names for long protocol schemes.
21 Dec 2025

curl disclosed a bug submitted by gaurav0212
Unbounded memory consumption via compressed HTTP responses (gzip/brotli/zstd)
21 Dec 2025

BY DENIS WERNER - @NOBBD